SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cynthia_fridsma | horizon_quick_content_management_system | 3.5.2 |
| cynthia_fridsma | horizon_quick_content_management_system | 3.4 |
| cynthia_fridsma | horizon_quick_content_management_system | 3.3 |
| cynthia_fridsma | horizon_quick_content_management_system | 3.5.1 |
| cynthia_fridsma | horizon_quick_content_management_system | 3.2 |
| cynthia_fridsma | horizon_quick_content_management_system | * |