[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81059

 
 

123

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-14979Date: (C)2017-10-04   (M)2018-02-19


Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : 7.5CVSS Score  : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score : 3.6Impact Score : 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  





Reference:
https://github.com/Blck4/blck4/blob/master/Gxlcms%20POC.php

CWE    1
CWE-284

© 2013 SecPod Technologies