
119 matches found

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Open Solution QuickCMS Cross-Site Request Forgery Vulnerability

Open Solution QuickCMS is an open-source content management system developed by Open Solution. Version 6.8 of Open Solution QuickCMS contains a cross-site request forgery vulnerability. This vulnerability arises due to the lack of protection against cross-site request forgery attacks, which may...

CVSS 5.1 | AI score 5.7 | EPSS 0.00222
Exploits 0 | References 3

RedhatCVE
added 2025/12/03 7:5 p.m. | 8 views

CVE-2025-12465

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 | AI score 8.3 | EPSS 0.00232
Exploits 0 | References 1

NVD
added 2025/12/02 1:15 p.m. | 12 views

CVE-2025-12465

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 | EPSS 0.00232
Exploits 0 | References 1

Cvelist
added 2025/12/02 12:15 p.m. | 6 views

CVE-2025-12465 Blind SQL Injection in QuickCMS

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 | EPSS 0.00232
Exploits 0 | References 1

Vulnrichment
added 2025/12/02 12:15 p.m. | 1 view

CVE-2025-12465 Blind SQL Injection in QuickCMS

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 | AI score 7.9 | EPSS 0.00232
Exploits 0 | References 1

EUVD
added 2025/12/02 12:15 p.m. | 2 views

EUVD-2025-200223

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 | AI score 7.8 | EPSS 0.00232
Exploits 0 | References 2

CVE
added 2025/12/02 12:15 p.m. | 8 views

CVE-2025-12465

CVE-2025-12465 describes a Blind SQL injection in QuickCMS located in the aFilesDelete input path when provided by a high-privileged user. The vulnerability arises from improper neutralization of user input, enabling blind SQL injection attacks. Multiple sources (NVD, Red Hat, CVE lists) reiterat...

CVSS 8.6 | AI score 7.9 | EPSS 0.00232
Exploits 0 | References 1

CNNVD
added 2025/12/02 12:0 a.m. | 2 views

Open Solution QuickCMS SQL Injection Vulnerability

Open Solution QuickCMS is an open-source content management system developed by Open Solution. Open Solution QuickCMS suffers from a SQL injection vulnerability that stems from improper neutralization of elevated user input, which could lead to a blind SQL injection attack...

CVSS 8.6 | AI score 7.8 | EPSS 0.00232
Exploits 0 | References 1

Positive Technologies
added 2025/12/02 12:0 a.m. | 2 views

PT-2025-48666

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 | AI score 8.3 | EPSS 0.00232
Exploits 0 | References 2

RedhatCVE
added 2025/11/15 1:38 p.m. | 8 views

CVE-2025-9982

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

CVSS 7.5 | AI score 7.1 | EPSS 0.00241
Exploits 0 | References 1

RedhatCVE
added 2025/11/15 1:38 p.m. | 9 views

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVSS 4.8 | AI score 6.4 | EPSS 0.00154
Exploits 0 | References 1

OSV
added 2025/11/14 2:15 p.m. | 3 views

CVE-2025-9982

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

CVSS 7.5 | AI score 5.8 | EPSS 0.00241
Exploits 0 | References 2

NVD
added 2025/11/14 2:15 p.m. | 5 views

CVE-2025-9982

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

CVSS 7.5 | EPSS 0.00241
Exploits 0 | References 2

NVD
added 2025/11/14 2:15 p.m. | 4 views

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVSS 4.8 | EPSS 0.00154
Exploits 0 | References 2

EUVD
added 2025/11/14 1:22 p.m. | 4 views

EUVD-2025-197611

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVSS 6.9 | AI score 5.9 | EPSS 0.00241
Exploits 0 | References 3

Cvelist
added 2025/11/14 1:22 p.m. | 10 views

CVE-2025-10018 Multiple Stored XSS in QuickCMS

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVSS 4.8 | EPSS 0.00154
Exploits 0 | References 2

Vulnrichment
added 2025/11/14 1:22 p.m. | 3 views

CVE-2025-10018 Multiple Stored XSS in QuickCMS

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...

CVSS 4.8 | AI score 6 | EPSS 0.00154
Exploits 0 | References 2

CVE
added 2025/11/14 1:22 p.m. | 10 views

CVE-2025-10018

Summary (CVE-2025-10018) : QuickCMS is reported vulnerable to multiple Stored XSS in the language editor. Affected: version 6.8 (only this version was tested; other versions were not tested and may also be affected). Impact: an attacker with admin privileges can inject arbitrary HTML/JS, leading ...

CVSS 4.8 | AI score 6 | EPSS 0.00154
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/11/14 1:22 p.m. | 10 views

CVE-2025-9982

CVE-2025-9982 affects QuickCMS 6.8. The vulnerability is due to sensitive admin credentials hardcoded in a plaintext configuration file, allowing attackers with access to the source code or server filesystem to retrieve credentials and potentially escalate privileges. Only version 6.8 was tested ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00241
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/11/14 1:22 p.m. | 9 views

CVE-2025-9982 Hard-coded admin credentials in Quick.CMS

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

CVSS 6.9 | EPSS 0.00241
Exploits 0 | References 2