Vulnerabilities > Qibosoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2020-20808 Cross-site Scripting vulnerability in Qibosoft 7.0
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
network
low complexity
qibosoft CWE-79
6.1
6.1
2021-12-27 CVE-2020-20943 Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
network
qibosoft CWE-352
4.3
4.3
2021-12-27 CVE-2020-20945 Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
network
qibosoft CWE-352
6.8
6.8
2021-05-21 CVE-2021-27811 Code Injection vulnerability in Qibosoft 1.0
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0.
network
low complexity
qibosoft CWE-94
6.5
6.5
2021-04-28 CVE-2020-18022 Cross-site Scripting vulnerability in Qibosoft Qibocms V7
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
network
qibosoft CWE-79
4.3
4.3
2019-01-08 CVE-2019-5725 Server-Side Request Forgery (SSRF) vulnerability in Qibosoft 7.0
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.
network
low complexity
qibosoft CWE-918
5.0
5.0
2018-10-09 CVE-2018-18201 Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.
network
qibosoft CWE-352
6.8
6.8
2011-02-23 CVE-2011-1064 SQL Injection vulnerability in Qibosoft QI BO CMS 7
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.
network
qibosoft CWE-89
6.8
6.8