彙總 q-cms 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本、CSRF與輸入驗證問題,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持與異常行為 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-50233 | A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information. | [email protected] | 6.5 | 0.47% | 2025-08-06 | 2026-06-17 |
| CVE-2020-10578 | An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | [email protected] | 7.5 | 1.15% | 2020-03-14 | 2026-06-16 |
| CVE-2018-14978 | An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | [email protected] | 8.8 | 0.49% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14977 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | [email protected] | 6.1 | 0.68% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14976 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14975 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14974 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14973 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14972 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14971 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14970 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |
| CVE-2018-14969 | An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. | [email protected] | 4.8 | 0.53% | 2018-08-06 | 2026-06-16 |