The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
PHP
Gxlcms
NVD
GitHub
CVSS 3.0
9.8
EPSS
2.1%