Vulnerabilities > CVE-2019-5725 - Server-Side Request Forgery (SSRF) vulnerability in Qibosoft 1.0/7.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

qibosoft

CWE-918

NVD

Published: 2019-01-08

Updated: 2019-02-04

Summary

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.

Vulnerable Configurations

Part	Description	Count
Application	Qibosoft Qibosoft Qibosoft 1.0 Qibosoft Qibosoft 7.0	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/novysodope/Qibosoft-CMS