Qcms

qcms

Vendor: Q Cms • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-50233 1Q Cms 1Qcms Sep 23, 2025 Aug 6, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the paramete...Show more A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.Show less
CVE-2020-10578 1Q Cms 1Qcms Jun 17, 2026 Mar 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
CVE-2018-14978 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.
CVE-2018-14977 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.
CVE-2018-14976 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.
CVE-2018-14975 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.
CVE-2018-14974 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.
CVE-2018-14973 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.
CVE-2018-14972 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.
CVE-2018-14971 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.
CVE-2018-14970 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.
CVE-2018-14969 1Q Cms 1Qcms Nov 21, 2024 Aug 6, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.