MidnightBSD

Advisories for q-cms

CVE-2018-14969 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14970 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14971 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14972 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14973 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14974 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14975 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14976 LOW

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14977 MEDIUM

An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2018-14978 MEDIUM

An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2020-10578 MEDIUM

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
q-cms qcms 3.0.1

CVE-2025-50233

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
q-cms qcms 6.0.5