q-cms CVE Vulnerabilities & Metrics

Focus on q-cms vulnerabilities and metrics.

Last updated: 26 Nov 2025, 23:25 UTC

About q-cms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with q-cms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total q-cms CVEs: 12
Earliest CVE date: 06 Aug 2018, 15:29 UTC
Latest CVE date: 06 Aug 2025, 15:15 UTC

Latest CVE reference: CVE-2025-50233

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical q-cms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.67

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	3
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS q-cms CVEs

These are the five CVEs with the highest CVSS scores for q-cms, sorted by severity first and recency.

CVE-2018-14978 q-cms Published on 06 Aug 2018, 15:29 UTC (CVSS: 6.8)
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.
CVE-2020-10578 q-cms Published on 14 Mar 2020, 20:15 UTC (CVSS: 5.0)
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
CVE-2018-14977 q-cms Published on 06 Aug 2018, 15:29 UTC (CVSS: 4.3)
An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.
CVE-2018-14976 q-cms Published on 06 Aug 2018, 15:29 UTC (CVSS: 3.5)
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.
CVE-2018-14975 q-cms Published on 06 Aug 2018, 15:29 UTC (CVSS: 3.5)
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.

All CVEs for q-cms

CVE-2025-50233 q-cms vulnerability CVSS: 0 06 Aug 2025, 15:15 UTC

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.

CVE-2020-10578 q-cms vulnerability CVSS: 5.0 14 Mar 2020, 20:15 UTC

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.

CVE-2018-14978 q-cms vulnerability CVSS: 6.8 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.

CVE-2018-14977 q-cms vulnerability CVSS: 4.3 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.

CVE-2018-14976 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.

CVE-2018-14975 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.

CVE-2018-14974 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.

CVE-2018-14973 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.

CVE-2018-14972 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.

CVE-2018-14971 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.

CVE-2018-14970 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.

CVE-2018-14969 q-cms vulnerability CVSS: 3.5 06 Aug 2018, 15:29 UTC

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.