Vulnerability Details CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.2%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2013-7138
-
Horizon Quick Content Management System Project » Horizon Quick Content Management System » Version: 3.2cpe:2.3:a:horizon_quick_content_management_system_project:horizon_quick_content_management_system:3.2
-
Horizon Quick Content Management System Project » Horizon Quick Content Management System » Version: 3.3cpe:2.3:a:horizon_quick_content_management_system_project:horizon_quick_content_management_system:3.3
-
Horizon Quick Content Management System Project » Horizon Quick Content Management System » Version: 3.4cpe:2.3:a:horizon_quick_content_management_system_project:horizon_quick_content_management_system:3.4
-
Horizon Quick Content Management System Project » Horizon Quick Content Management System » Version: 3.5.1cpe:2.3:a:horizon_quick_content_management_system_project:horizon_quick_content_management_system:3.5.1
-
Horizon Quick Content Management System Project » Horizon Quick Content Management System » Version: 3.5.2cpe:2.3:a:horizon_quick_content_management_system_project:horizon_quick_content_management_system:3.5.2
-
Horizon Quick Content Management System Project » Horizon Quick Content Management System » Version: 4.0cpe:2.3:a:horizon_quick_content_management_system_project:horizon_quick_content_management_system:4.0