CVE-2018-9850 in Gxlcms QYinfo

Summary

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

04/07/2018

Disclosure

04/07/2018

Entries

1

CPE

ready

CVSS

7.0

EPSS

0.00425

Activities

Very Low

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2018-9850
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-9850
CVE Detailshttps://www.cvedetails.com/cve/CVE-2018-9850/

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!