CVE-2018-18488: SQL Injection
First published: Thu Oct 18 2018(Updated: )
In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injection exists via the ids[] parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Usualtool CMS | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of the vulnerability?
The CVE ID of the vulnerability is CVE-2018-18488.
What is the severity level of CVE-2018-18488?
The severity level of CVE-2018-18488 is critical with a score of 9.8.
How does the SQL Injection vulnerability occur in Gxlcms v2.0?
The SQL Injection vulnerability occurs via the ids[] parameter in \lib\admin\action\dataaction.class.php.
What software version is affected by CVE-2018-18488?
The Gxlcms v2.0 version is affected by CVE-2018-18488.
Is there a reference for CVE-2018-18488?
Yes, you can find more information about CVE-2018-18488 at http://sunu11.com/2018/10/18/glxcms/.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gxlcms
- canonical/usualtool cms
- version/usualtool cms/2.0