12 matches found
CVE-2020-10578
CVE-2020-10578 affects QCMS v3.0.1 with an arbitrary file read vulnerability in the file path system/controller/backend/template.php. Multiple connected sources (NVD, Red Hat, CNVD, CNVD CNVD-2020-19603, etc.) corroborate that an attacker can read files, leading to information disclosure. The des...
CVE-2018-14977
CVE-2018-14977 affects QCMS 3.0.1. The vulnerability is a cross-site scripting (XSS) flaw in upload/System/Controller/guest.php, exploitable via the name parameter, as described in the CVE entry and corroborated by related CNVD/RedHat references. The issue is distinct from CVE-2018-8070 (XSS via ...
CVE-2018-14972
CVE-2018-14972 affects QCMS 3.0.1, with a cross-site scripting vulnerability in upload/System/Controller/backend/down.php. The issue is described across multiple records (NVD/CNVD/CVE entries) as an XSS in that file path; no specific exploit details, affected versions, or remediation are provided...
CVE-2018-14970
CVE-2018-14970 affects QCMS 3.0.1, with a cross-site scripting (XSS) flaw in upload/System/Controller/backend/slideshow.php. The connected sources (CNVD, NVD, CVE listings) confirm the vulnerable component/file and the underlying issue is XSS, but do not provide exploit details, affected versions...
CVE-2018-14973
Summary: CVE-2018-14973 affects QCMS 3.0.1, with a cross-site scripting (XSS) vulnerability in the file path upload/System/Controller/backend/product.php. The connected documents corroborate an XSS issue in this component/version. No explicit exploitation details, affected subcomponents beyond th...
CVE-2018-14976
CVE-2018-14976 affects QCMS 3.0.1. The vulnerability is a cross-site scripting flaw in upload/System/Controller/backend/category.php. The connected documents identify XSS in this file/version but do not provide details on exploit scenarios, impact scope beyond the generic XSS description, or any ...
CVE-2018-14971
Affected software: QCMS 3.0.1. Vulnerability: Cross-site scripting (XSS) in upload/System/Controller/backend/user.php. Root cause/impact: The issue is a content/script injection vulnerability within the specified PHP file. Documents do not provide further detail on the underlying cause beyond the...
CVE-2018-14969
QCMS 3.0.1 is affected by CVE-2018-14969. The vulnerability is a cross-site scripting flaw in upload/System/Controller/backend/system.php, described in CNVD-2019-10276 as exploitable by remote attackers to inject arbitrary web script or HTML. No specific exploit details or patch information are p...
CVE-2018-14974
CVE-2018-14974 affects QCMS 3.0.1, with a cross-site scripting (XSS) flaw in upload/System/Controller/backend/news.php. CNVD describes remote exploitation to inject arbitrary script/HTML; CVSS3 base score 4.8 (MEDIUM). No remediation details provided in the supplied documents.
CVE-2018-14975
Summary: QCMS 3.0.1 has a Cross-Site Scripting (XSS) vulnerability in upload/System/Controller/backend/album.php. Concretely : CNVD-2019-10280 describes an XSS in that file affecting QCMS 3.0.1, exploitable by remote attackers to inject arbitrary web script or HTML. This is consistent with CVE-20...
CVE-2018-14978
QCMS 3.0.1 contains a CSRF vulnerability via the backend/user/admin/add.html URI (CVE-2018-14978). The CNVD entry CNVD-2019-10282 documents this issue in QCMS 3.0.1, describing a cross-site forgery that enables unauthorized operations through that endpoint. The CVE entry notes the vulnerability a...
CVE-2025-50233
QCMS 6.0.5 contains a vulnerability in the backend template editor where insufficient validation of the Name parameter enables authenticated users to perform directory traversal and read arbitrary server files outside the intended template directory (e.g., system configuration or PHP source). Imp...