Vulnerabilities > Qibosoft

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-1225 Deserialization of Untrusted Data vulnerability in Qibosoft Qibocms X1 1.0.6
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6.
network
low complexity
qibosoft CWE-502
critical
9.8
2023-08-03 CVE-2020-20808 Cross-site Scripting vulnerability in Qibosoft 7.0
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
network
low complexity
qibosoft CWE-79
6.1
2023-03-16 CVE-2023-27037 SQL Injection vulnerability in Qibosoft Qibocms V7
Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php
network
low complexity
qibosoft CWE-89
8.8
2021-12-27 CVE-2020-20943 Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
network
low complexity
qibosoft CWE-352
4.3
2021-12-27 CVE-2020-20944 Path Traversal vulnerability in Qibosoft 7.0
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
network
low complexity
qibosoft CWE-22
critical
9.1
2021-12-27 CVE-2020-20945 Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
network
low complexity
qibosoft CWE-352
8.8
2021-12-27 CVE-2020-20946 Cross-site Scripting vulnerability in Qibosoft 7.0
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
network
low complexity
qibosoft CWE-79
5.4
2021-05-21 CVE-2021-27811 Code Injection vulnerability in Qibosoft 1.0
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0.
network
low complexity
qibosoft CWE-94
7.2
2021-04-28 CVE-2020-18022 Cross-site Scripting vulnerability in Qibosoft Qibocms V7
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
network
low complexity
qibosoft CWE-79
6.1
2019-10-15 CVE-2019-17613 Code Injection vulnerability in Qibosoft 7.0
qibosoft 7 allows remote code execution because do/jf.php makes eval calls.
network
low complexity
qibosoft CWE-94
critical
9.8