QCMS
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10578 | Hig | 0.49 | 7.5 | 0.01 | Mar 14, 2020 | An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | ||
| CVE-2025-50233 | Med | 0.42 | 6.5 | 0.00 | Aug 6, 2025 | A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access… | ||
| CVE-2018-14977 | Med | 0.40 | 6.1 | 0.01 | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | ||
| CVE-2018-8070 | Med | 0.35 | 5.4 | 0.01 | Mar 12, 2018 | QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. | ||
| CVE-2018-8069 | Med | 0.35 | 5.4 | 0.01 | Mar 12, 2018 | QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. | ||
| CVE-2018-14975 | Med | 0.31 | 4.8 | 0.01 | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | ||
| CVE-2018-14973 | Med | 0.31 | 4.8 | 0.01 | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. | ||
| CVE-2018-14970 | Med | 0.31 | 4.8 | 0.01 | Aug 6, 2018 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. |
- risk 0.49cvss 7.5epss 0.01
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
- risk 0.42cvss 6.5epss 0.00
A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.
- risk 0.35cvss 5.4epss 0.01
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.
- risk 0.35cvss 5.4epss 0.01
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.
- risk 0.31cvss 4.8epss 0.01
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.