CVE-2020-10578 — CVSS 7.5 (high): An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
CVE-2025-50233 — CVSS 6.5 (medium): A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of…
CVE-2018-14977 — CVSS 6.1 (medium): An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different…