CVE Daily

CVE-2013-7139

SQL injection vulnerability in download.php in Horizon Quick Content Management ...

High CVSS 7.5

Overview

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.

CWE: CWE-89 Published: 2014-01-09T18:55:08.227
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags