11 matches found
CVE-2020-10578
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
CVE-2018-14977
An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.
CVE-2018-14972
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.
CVE-2018-14970
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.
CVE-2018-14973
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.
CVE-2018-14976
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.
CVE-2018-14969
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.
CVE-2018-14971
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.
CVE-2018-14974
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.
CVE-2018-14978
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.
CVE-2018-14975
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.