← Back

Gxlcms Qy

gxlcms_qy

Vendor: Gxlcms • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-9852
1Gxlcms
1Gxlcms Qy
Nov 21, 2024
Apr 8, 2018
N/A· v4
9.8 CRITICAL· v3
5.0 MEDIUM· v2
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,p...Show more
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.Show less
CVE-2018-9851
1Gxlcms
1Gxlcms Qy
Nov 21, 2024
Apr 8, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separ...Show more
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.Show less
CVE-2018-9850
1Gxlcms
1Gxlcms Qy
Nov 21, 2024
Apr 8, 2018
N/A· v4
7.5 HIGH· v3
6.4 MEDIUM· v2
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
CVE-2018-9848
1Gxlcms
1Gxlcms Qy
Nov 21, 2024
Apr 7, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[uploa...Show more
In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.Show less
CVE-2018-9847
1Gxlcms
1Gxlcms Qy
Nov 21, 2024
Apr 7, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
CVE-2018-9247
1Gxlcms
1Gxlcms Qy
Nov 21, 2024
Apr 4, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary P...Show more
The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename.Show less