CVE-2018-9852: Infoleak
First published: Sun Apr 08 2018(Updated: )
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gxlcms | =1.0.0713 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Gxlcms QY v1.0.0713 vulnerability?
The vulnerability ID for the Gxlcms QY v1.0.0713 vulnerability is CVE-2018-9852.
What is the severity level of CVE-2018-9852?
The severity level of CVE-2018-9852 is critical with a value of 9.8.
How can remote attackers exploit the Gxlcms QY v1.0.0713 vulnerability?
Remote attackers can exploit the Gxlcms QY v1.0.0713 vulnerability by embedding a FROM clause in a query string within a Home-Hits request, allowing them to read data from a database.
What is the affected software for CVE-2018-9852?
The affected software for CVE-2018-9852 is Gxlcms QY v1.0.0713.
Is there a reference URL for more information about CVE-2018-9852?
Yes, you can find more information about CVE-2018-9852 at http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-sqli/index.html.
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gxlcms
- canonical/gxlcms
- version/gxlcms/1.0.0713