📦 Quick Cms

Name: Quick Cms
Author: Opensolution

by Opensolution

🔍 What is Quick Cms?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2024-58308

CRITICAL CVSS 9.8 Dec 11, 2025

CVE-2024-58308 is a critical SQL injection vulnerability in Quick.CMS 6.7 that allows unauthenticated attackers to bypass login authentication and gain administrative access. Attackers can inject SQL ...

CVE-2025-9982

HIGH CVSS 7.5 Nov 14, 2025

QuickCMS version 6.8 contains hardcoded admin credentials stored in plaintext within a configuration file. Attackers with access to the source code or server file system can retrieve these credentials...

CVE-2023-43345

HIGH CVSS 8.6 Oct 19, 2023

A stored cross-site scripting (XSS) vulnerability in opensolution Quick CMS v6.7 allows attackers to inject malicious scripts into the 'Content - Name' parameter in the Pages Menu component. When user...

CVE-2025-10018

MEDIUM CVSS 4.8 Nov 14, 2025

QuickCMS versions including 6.8 contain stored cross-site scripting (XSS) vulnerabilities in the language editor functionality. Attackers with admin privileges can inject malicious HTML and JavaScript...

CVE-2025-9981

MEDIUM CVSS 4.8 Oct 23, 2025

QuickCMS versions including 6.8 are vulnerable to stored cross-site scripting (XSS) in the slider editor functionality. An attacker with admin privileges can inject malicious HTML and JavaScript that ...

CVE-2025-54542

MEDIUM CVSS 5.5 Aug 28, 2025

QuickCMS transmits user credentials via GET requests instead of POST, exposing passwords and login information in browser history and server logs. This allows attackers with access to the victim's bro...

CVE-2025-54544

MEDIUM CVSS 4.8 Aug 28, 2025

QuickCMS versions including 6.8 are vulnerable to stored cross-site scripting (XSS) via the aDirFilesDescriptions parameter in the files editor. An attacker with admin privileges can inject malicious ...

CVE-2025-54540

MEDIUM CVSS 6.1 Aug 28, 2025

QuickCMS admin panel is vulnerable to reflected cross-site scripting (XSS) via the sSort parameter. An attacker can craft malicious URLs that execute arbitrary JavaScript in victims' browsers when ope...

CVE-2025-54172

MEDIUM CVSS 4.8 Aug 20, 2025

QuickCMS is vulnerable to stored cross-site scripting (XSS) in the sTitle parameter of the page editor functionality. An attacker with admin privileges can inject malicious HTML and JavaScript that ex...

CVE-2025-54174

MEDIUM CVSS 4.3 Aug 20, 2025

QuickCMS versions including 6.8 are vulnerable to Cross-Site Request Forgery (CSRF) in article creation functionality. This allows attackers to trick authenticated administrators into unknowingly crea...