A vulnerability classified as problematic was found in Gxlcms 2.0. Affected by this vulnerability is the function mt_rand() of the file lib\admin\action\dataaction.class.php of the component Database Backup. The manipulation as part of a Backup File leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. As an impact it is known to affect confidentiality.

The weakness was published 10/18/2018. This vulnerability is known as CVE-2018-18487 since 10/18/2018. The exploitation appears to be difficult. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 10/19/2018).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 125786.

CPE

• 🔒

CVSSv3

VulDB Meta Base Score: 2.6
VulDB Meta Temp Score: 2.6

VulDB Base Score: ≈2.6
VulDB Temp Score: ≈2.6
VulDB Vector: 🔒
VulDB Reliability: 🔍

CVSSv2

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍

Exploiting

Class: Information disclosure (CWE-200)
Local: Yes
Remote: No

Availability: No

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligence

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Actions: 🔍

Countermeasures

Recommended: no mitigation known
0-Day Time: 🔒

Timeline

10/18/2018 Advisory disclosed
10/18/2018 CVE assigned
10/19/2018 VulDB entry created
10/19/2018 VulDB last update

Sources

CVE: CVE-2018-18487 (🔒)
See also: 🔒

Entry

Created: 10/19/2018
Complete: 🔍

Lien vers l'article source