CVE-2018-9247

Publication date

2018-04-04 00:00:00

Family

mitre

State

PUBLISHED

Description

The upsql function in LibLibActionAdminDataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a