Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quickbox quickbox vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-45281
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized.
Quickbox Quickbox 2.4.8
Quickbox Quickbox 2.5.8
9
CVSSv2
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media ...
Quickbox Quickbox
9
CVSSv2
CVE-2020-13695
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an malicious user to obtain sensitive information via a grep of a /root/*.db or ...
Quickbox Quickbox
9
CVSSv2
CVE-2020-13448
QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8 allows an authenticated remote malicious user to execute code on the server via command injection in the servicestart parameter.
Quickbox Quickbox
9
CVSSv2
CVE-2020-13694
In QuickBox Community Edition up to and including 2.5.5 and Pro Edition up to and including 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option.
Quickbox Quickbox
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started