2 matches found
CVE-2020-24914
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
PT-2021-11086 · Qcubed · Qcubed
Name of the Vulnerable Software and Affected Versions: qcubed versions 3.1.1 and earlier Description: A PHP object injection bug in profile.php unserializes the untrusted data of the strProfileData POST-variable, allowing an unauthenticated attacker to execute code via a crafted POST request...