Vulnerabilities

CVE-2018-9852

by Fred · 07/04/2018

In Gxlcms QY v1.0.0713, LibLibActionHomeHitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated hy sid=user,password%20from%20mysql.user%23.

Date published : 2018-04-07

http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-sqli/index.html

Similar

Tags: Cybersecurity Alert