Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quickbox vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-45281
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized.
Quickbox Quickbox 2.4.8
Quickbox Quickbox 2.5.8
801
VMScore
CVE-2020-13448
QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8 allows an authenticated remote malicious user to execute code on the server via command injection in the servicestart parameter.
Quickbox Quickbox
801
VMScore
CVE-2020-13694
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
Quickbox Quickbox
801
VMScore
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media ...
Quickbox Quickbox
801
VMScore
CVE-2020-13695
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an malicious user to obtain sensitive information via a grep of a /root/*.db or ...
Quickbox Quickbox
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started