{"vulnerability": "CVE-2020-2491", "sightings": [{"uuid": "5994c080-01ea-45ee-ad75-cf294e9ae61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-04)", "content": "", "creation_timestamp": "2025-02-04T00:00:00.000000Z"}, {"uuid": "6cc83990-31be-42f2-8d69-d29487ecad4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-27)", "content": "", "creation_timestamp": "2024-12-27T00:00:00.000000Z"}, {"uuid": "21f4a75d-efe3-4c6a-a3c7-0034699e19d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "8e283090-027b-4346-9d18-d54144f53fee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-16)", "content": "", "creation_timestamp": "2025-02-16T00:00:00.000000Z"}, {"uuid": "ead59e33-8c2d-46cd-9a36-55158cc1a215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-20)", "content": "", "creation_timestamp": "2025-06-20T00:00:00.000000Z"}, {"uuid": "1a438ef1-57b1-4776-b444-4abcd463a1a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-24914.yaml", "content": "", "creation_timestamp": "2025-07-20T06:00:01.000000Z"}, {"uuid": "16244ef6-6f5a-4e81-ab3c-2ff50c8c34c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-01)", "content": "", "creation_timestamp": "2025-10-01T00:00:00.000000Z"}, {"uuid": "8c43d7e9-29aa-427f-bc95-00eb3b40e88d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-04)", "content": "", "creation_timestamp": "2026-01-04T00:00:00.000000Z"}, {"uuid": "54e7d251-2742-45ae-b030-29be03e55aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-26)", "content": "", "creation_timestamp": "2026-03-26T00:00:00.000000Z"}, {"uuid": "a795e8f6-6b45-4619-a7ec-19b0fede69df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24913", "type": "seen", "source": "https://t.me/arpsyndicate/4859", "content": "#ExploitObserverAlert\n\nCVE-2020-24913\n\nDESCRIPTION: Exploit Observer has 16 entries in 4 file formats related to CVE-2020-24913. A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.\n\nFIRST-EPSS: 0.002480000\nNVD-IS: 5.9\nNVD-ES: 3.9\nARPS-PRIORITY: 0.9634872", "creation_timestamp": "2024-04-25T20:42:14.000000Z"}, {"uuid": "e9e2dc54-a4a5-4533-acd6-5230dc42c202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "seen", "source": "https://t.me/arpsyndicate/4863", "content": "#ExploitObserverAlert\n\nCVE-2020-24914\n\nDESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2020-24914. A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable \"strProfileData\" and allows an unauthenticated attacker to execute code via a crafted POST request.\n\nFIRST-EPSS: 0.016790000\nNVD-IS: 5.9\nNVD-ES: 3.9\nARPS-PRIORITY: 0.8646988", "creation_timestamp": "2024-04-25T21:02:24.000000Z"}, {"uuid": "67559f7a-58c8-42a7-a0fa-acf2533c7814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24913", "type": "published-proof-of-concept", "source": "Telegram/nDkGu6Dp5i6ryUUUcoMP1pNfnhsyQqgPRa1QKjOdLJu8WNk", "content": "", "creation_timestamp": "2025-05-12T05:00:06.000000Z"}, {"uuid": "7a1d1dfb-90af-4171-8f85-1eb95a3b6e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24913", "type": "seen", "source": "https://t.me/cibsecurity/24447", "content": "\u203c CVE-2020-24913 \u203c\n\nA SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-04T16:46:33.000000Z"}, {"uuid": "5c64b6d1-3452-4ba1-b990-cb7aa1acf66f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24912", "type": "seen", "source": "https://t.me/cibsecurity/24446", "content": "\u203c CVE-2020-24912 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-04T16:46:32.000000Z"}, {"uuid": "4256da1b-6dbd-4366-99fd-e7b7b1e1dc6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-24914", "type": "seen", "source": "https://t.me/cibsecurity/24445", "content": "\u203c CVE-2020-24914 \u203c\n\nA PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable \"strProfileData\" and allows an unauthenticated attacker to execute code via a crafted POST request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-04T16:46:31.000000Z"}, {"uuid": "1a9f947f-0482-494f-a09f-9c5351f8678f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18637", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T10:25:18.000000Z"}, {"uuid": "dd06e1f1-0301-474c-8597-b354a04f9c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18597", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T08:25:27.000000Z"}, {"uuid": "e38dcf6e-07e4-4de4-978f-7cbf37e26d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18577", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T07:36:28.000000Z"}, {"uuid": "4dfde37c-1d35-41e6-bd21-69fbd3d67f0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18557", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T07:33:28.000000Z"}, {"uuid": "1f096969-4a96-49b3-912f-0a9390016a95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18696", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:25:21.000000Z"}, {"uuid": "938b988f-8df4-48f9-875d-75d5732ee813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18676", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:03:07.000000Z"}, {"uuid": "0c354296-fcef-4148-88e0-1a0ccd54d6cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18787", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:25:03.000000Z"}, {"uuid": "fe828e99-c570-4425-b270-df50ae7da418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18767", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:03:02.000000Z"}, {"uuid": "e3a15420-098f-4c9e-859b-7fef55de9d7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18748", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T13:25:10.000000Z"}, {"uuid": "32a2f8f6-3553-4e7a-87af-90433dfa939b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18728", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:40:50.000000Z"}, {"uuid": "72145de8-64ca-4551-a481-f362a2d9baf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18708", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:33:31.000000Z"}, {"uuid": "c0e079fd-8d36-4938-83d5-51135bed3116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2491", "type": "seen", "source": "https://t.me/cibsecurity/18657", "content": "\u203c CVE-2020-2491 \u203c\n\nThis cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T11:25:31.000000Z"}]}