Vulnerability Description
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gxlcms | Gxlcms Qy | 1.0.0713 |
Related Weaknesses (CWE)
References
- http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-sqli/index.html (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-9852?
CVE-2018-9852 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demons...
How severe is CVE-2018-9852?
CVE-2018-9852 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-9852?
Check the references section above for vendor advisories and patch information. Affected products include: Gxlcms Gxlcms Qy.