Vulnerabilities > Qibosoft

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-05	CVE-2024-1225	Deserialization of Untrusted Data vulnerability in Qibosoft Qibocms X1 1.0.6 A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. network low complexity qibosoft CWE-502 critical	9.8
2023-08-03	CVE-2020-20808	Cross-site Scripting vulnerability in Qibosoft 7.0 Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. network low complexity qibosoft CWE-79	6.1
2023-03-16	CVE-2023-27037	SQL Injection vulnerability in Qibosoft Qibocms V7 Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php network low complexity qibosoft CWE-89	8.8
2021-12-27	CVE-2020-20943	Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0 A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. network low complexity qibosoft CWE-352	4.3
2021-12-27	CVE-2020-20944	Path Traversal vulnerability in Qibosoft 7.0 An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. network low complexity qibosoft CWE-22 critical	9.1
2021-12-27	CVE-2020-20945	Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0 A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. network low complexity qibosoft CWE-352	8.8
2021-12-27	CVE-2020-20946	Cross-site Scripting vulnerability in Qibosoft 7.0 Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add. network low complexity qibosoft CWE-79	5.4
2021-05-21	CVE-2021-27811	Code Injection vulnerability in Qibosoft 1.0 A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. network low complexity qibosoft CWE-94	7.2
2021-04-28	CVE-2020-18022	Cross-site Scripting vulnerability in Qibosoft Qibocms V7 Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. network low complexity qibosoft CWE-79	6.1
2019-10-15	CVE-2019-17613	Code Injection vulnerability in Qibosoft 7.0 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. network low complexity qibosoft CWE-94 critical	9.8

Vulnerabilities > Qibosoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Qibosoft"}]}

Vulnerabilities > Qibosoft