CVE-2018-9851

Name of the Vulnerable Software and Affected Versions Gxlcms QY version 1.0.0713

Description The issue allows remote attackers to read any file via a modified pathname in an Admin-Tpl request. This can be achieved by using '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.

Recommendations For Gxlcms QY version 1.0.0713, consider restricting access to the TplAction.class.php file in the LibLibActionAdmin directory until a patch is available. As a temporary workaround, avoid using the '|' character as a directory separator in Admin-Tpl requests to minimize the risk of exploitation.