Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| horizon_quick_content_management_system_project | horizon_quick_content_management_system | 3.4 |
| horizon_quick_content_management_system_project | horizon_quick_content_management_system | * |
| horizon_quick_content_management_system_project | horizon_quick_content_management_system | 3.3 |
| horizon_quick_content_management_system_project | horizon_quick_content_management_system | 3.5.1 |
| horizon_quick_content_management_system_project | horizon_quick_content_management_system | 3.2 |
| horizon_quick_content_management_system_project | horizon_quick_content_management_system | 3.5.2 |