CVE-2018-14685: Infoleak
First published: Sat Jul 28 2018(Updated: )
The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Common/Admin/function.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Usualtool CMS | =1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Gxlcms vulnerability?
The vulnerability ID of the Gxlcms vulnerability is CVE-2018-14685.
What is the severity of the CVE-2018-14685 vulnerability?
The severity of the CVE-2018-14685 vulnerability is critical with a severity value of 9.8.
How does the CVE-2018-14685 vulnerability allow attackers to read arbitrary files?
The CVE-2018-14685 vulnerability allows attackers to read arbitrary files by exploiting the add function in the TplAction.class.php file in Gxlcms v1.1.4.
What is the affected software version of the CVE-2018-14685 vulnerability?
The affected software version of the CVE-2018-14685 vulnerability is Gxlcms v1.1.4.
Is there a fix available for the CVE-2018-14685 vulnerability?
Currently, there is no official fix available for the CVE-2018-14685 vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gxlcms
- canonical/usualtool cms
- version/usualtool cms/1.1.4