Vulnerabilities > Qibosoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-05 | CVE-2024-1225 | Deserialization of Untrusted Data vulnerability in Qibosoft Qibocms X1 1.0.6 A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. | 9.8 |
2023-08-03 | CVE-2020-20808 | Cross-site Scripting vulnerability in Qibosoft 7.0 Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. | 6.1 |
2023-03-16 | CVE-2023-27037 | SQL Injection vulnerability in Qibosoft Qibocms V7 Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php | 8.8 |
2021-12-27 | CVE-2020-20943 | Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0 A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | 4.3 |
2021-12-27 | CVE-2020-20944 | Path Traversal vulnerability in Qibosoft 7.0 An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. | 9.1 |
2021-12-27 | CVE-2020-20945 | Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0 A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | 8.8 |
2021-12-27 | CVE-2020-20946 | Cross-site Scripting vulnerability in Qibosoft 7.0 Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add. | 5.4 |
2021-05-21 | CVE-2021-27811 | Code Injection vulnerability in Qibosoft 1.0 A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. | 7.2 |
2021-04-28 | CVE-2020-18022 | Cross-site Scripting vulnerability in Qibosoft Qibocms V7 Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. | 6.1 |
2019-10-15 | CVE-2019-17613 | Code Injection vulnerability in Qibosoft 7.0 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. | 9.8 |