Lucene search
+L

7 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-24914

A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...

9.8CVSS7.4AI score0.0545EPSS
Exploits3References1
Check Point Advisories
Check Point Advisories
added 2021/04/28 12:0 a.m.89 views

Qcubed Remote Code Execution (CVE-2020-24914)

A remote code execution vulnerability exists in Qcubed. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.3AI score0.0545EPSS
Exploits3
0day.today
0day.today
added 2021/03/13 12:0 a.m.213 views

QCubed 3.1.1 PHP Object Injection Vulnerability

QCubed PHP Object Injection =========================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technolog...

9.8CVSS0.1AI score0.0545EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/03/12 12:0 a.m.334 views

QCubed 3.1.1 PHP Object Injection

QCubed PHP Object Injection =========================== | Identifier: | AIT-SA-20210215-01 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagne...

7.5CVSS9.6AI score0.0545EPSS
Exploits3
Circl
Circl
added 2021/03/04 4:46 p.m.40 views

CVE-2020-24914

creationtimestamp| type| source ---|---|--- 2021-03-04 16:46:31+00:00| seen| https://t.me/cibsecurity/24445 2024-04-25 21:02:24+00:00| seen| https://t.me/arpsyndicate/4863 2024-12-27 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-27 2025-01-26...

9.8CVSS7.3AI score0.0545EPSS
In wildExploits3References6
Cvelist
Cvelist
added 2021/03/04 12:33 p.m.74 views

CVE-2020-24914

A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...

9.7AI score0.0545EPSS
Exploits3References4
CVE
CVE
added 2021/03/04 12:33 p.m.92 views

CVE-2020-24914

Summary: QCubed PHP object injection in profile.php (affecting all versions including 3.1.1) enables unauthenticated remote code execution by unserializing the POST variable “strProfileData.” The issue stems from PHP object injection in qcubed and is rated CRITICAL (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/...

9.8CVSS9.6AI score0.0545EPSS
In wildExploits3References4Affected Software1
Rows per page
Query Builder