Description
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
Exploits (1)
References (2)
Core 2
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64715
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23191
Scores
EPSS
0.0033
EPSS Percentile
56.0%
Details
CWE
CWE-89
Status
published
Products (6)
cynthia_fridsma/horizon_quick_content_management_system
3.2 a
cynthia_fridsma/horizon_quick_content_management_system
3.3
cynthia_fridsma/horizon_quick_content_management_system
3.4
cynthia_fridsma/horizon_quick_content_management_system
3.5.1
cynthia_fridsma/horizon_quick_content_management_system
3.5.2
cynthia_fridsma/horizon_quick_content_management_system
< 4.0
Published
Jan 09, 2014
Tracked Since
Feb 18, 2026