CVE-2013-7139

Horizon Quick Content Management System <= 4.0 - SQL Injection via Download Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7139. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary: The document describes two vulnerabilities in Horizon QCMS: a path traversal (CVE-2013-7138) allowing arbitrary file reads and an SQL injection (CVE-2013-7139) enabling database manipulation. It includes exploitation examples but no executable code.

Description

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/30917

Classification: Writeup 100%
Attack Type: Info Leak | Sqli
Complexity: Trivial
Reliability: Reliable
Target: Horizon QCMS 4.0 and prior
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64715

Scores

EPSS 0.0112
EPSS Percentile 62.0%

Details

CWE
CWE-89
Status published
Products (6)
cynthia_fridsma/horizon_quick_content_management_system 3.2 a
cynthia_fridsma/horizon_quick_content_management_system 3.3
cynthia_fridsma/horizon_quick_content_management_system 3.4
cynthia_fridsma/horizon_quick_content_management_system 3.5.1
cynthia_fridsma/horizon_quick_content_management_system 3.5.2
cynthia_fridsma/horizon_quick_content_management_system < 4.0
Published Jan 09, 2014
Tracked Since Feb 18, 2026