2 matches found
QCubed 3.1.1 SQL Injection Vulnerability
QCubed SQL Injection ================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24913 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technology | SUMMARY...
CVE-2020-24913
QCubed 3.1.1 SQL Injection (CVE-2020-24913) affects the qcubed framework via profile.php using the strQuery parameter. An unauthenticated, remote attacker can inject SQL through a crafted POST request to access the database, with reports indicating the possibility of remote code execution in wors...