COOEY // HUBcompliance · community · intelligence

FAIL › dossier

qcubed vendor

2
failure events
0
zero-days
1
RCEs
0
on KEV
2
critical
50
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 4 events

DateEventSevFlagsShameSummary
2021-03-04 CVE-2020-24914 critical ⚡RCE 50 A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
2021-03-04 CVE-2020-24914 critical ⚡RCE 50 A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
2021-03-04 CVE-2020-24913 critical 35 A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
2021-03-04 CVE-2020-24913 critical 35 A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.

Sentiment · trusted sources