Skip to main content
CVE-2018-9848 CRITICAL POC Act Now

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Gxlcms Qy
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-9847 CRITICAL POC Act Now

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Gxlcms Qy
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-9326 CRITICAL Act Now

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Etherpad
NVD
CVSS 3.0
9.8
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy