CVE-2013-7138 – Horizon QCMS 4.0 SQL Injection / Directory Traversal
https://notcve.org/view.php?id=CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. Vulnerabilidad de recorrido de directorios en lib/functions/d-load.php de Horizon Quick Content Management System (QCMS) 4.0 y anteriores permite a atacantes remotos leer archivos de forma arbitraria a través de un .. (punto punto) en el parámetro start. Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities. • http://www.securityfocus.com/bid/64717 https://www.htbridge.com/advisory/HTB23191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •