CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 3CVE-2013-7139 – Horizon QCMS 4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-7139
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter. Vulnerabilidad de inyección SQL en download.php de Horizon Quick Content Management System (QCMS) 4.0 y anteriores permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a través del parámetro category. Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/30917 http://www.securityfocus.com/bid/64715 https://www.htbridge.com/advisory/HTB23191 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 2CVE-2013-7138 – Horizon QCMS 4.0 SQL Injection / Directory Traversal
https://notcve.org/view.php?id=CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. Vulnerabilidad de recorrido de directorios en lib/functions/d-load.php de Horizon Quick Content Management System (QCMS) 4.0 y anteriores permite a atacantes remotos leer archivos de forma arbitraria a través de un .. (punto punto) en el parámetro start. Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities. • http://www.securityfocus.com/bid/64717 https://www.htbridge.com/advisory/HTB23191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •