← Back to CVE List
CVE-2018-9850
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt