In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand() unsafely, resulting in predictable database backup file locations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gxlcms gxlcms 2.0 |