cpe:/a:gxlcms:gxlcms:- CVE-2017-14979 2017-10-02T21:29:02.733-04:00 2019-10-02T20:03:26.223-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2017-10-17T09:33:30.703-04:00 MISC https://github.com/Blck4/blck4/blob/master/Gxlcms%20POC.php Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.