Every CVE whose affected-product data names Quickbox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-13448 — CVSS 8.8 (high): QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the…
CVE-2020-13694 — CVSS 8.8 (high): In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a…
CVE-2021-44981 — CVSS 8.8 (high): In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec('')…
CVE-2020-13695 — CVSS 7.2 (high): In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as…
CVE-2021-45281 — CVSS 6.1 (medium): QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input…