Skip to main content

Gxlcms

8 CVEs product

Monthly

CVE-2018-18488 CRITICAL POC Act Now

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gxlcms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-18487 HIGH POC This Week

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Gxlcms
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-16655 MEDIUM POC This Month

Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gxlcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16437 MEDIUM POC This Month

Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gxlcms
NVD
CVSS 3.0
4.9
EPSS
1.6%
CVE-2018-16436 HIGH POC This Week

Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gxlcms
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-15177 HIGH This Week

In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Gxlcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-14685 CRITICAL POC Act Now

The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Gxlcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-14979 HIGH POC This Week

Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gxlcms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gxlcms
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Gxlcms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gxlcms
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM POC This Month

Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gxlcms
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gxlcms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Gxlcms
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Gxlcms
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Gxlcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy