Skip to main content

Qcubed

3 CVEs product

Monthly

CVE-2020-24914 PHP CRITICAL POC PATCH Act Now

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization PHP Qcubed
NVD VulDB
CVSS 3.1
9.8
EPSS
5.6%
CVE-2020-24913 PHP CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.0%.

SQLi PHP Qcubed
NVD VulDB
CVSS 3.1
9.8
EPSS
44.0%
Threat
4.8
CVE-2020-24912 PHP MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Qcubed
NVD VulDB
CVSS 3.1
6.1
EPSS
6.3%
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization PHP Qcubed
NVD VulDB
EPSS 44% 4.8 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 44.0%.

SQLi PHP Qcubed
NVD VulDB
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Qcubed
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy