CVE-2024-1225

Published: Feb 5, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Qibosoft: Qibocms X1

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qibosoft Qibocms X1	Up to 1.0.6

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

https://note.zhaoj.in/share/jDWk6INLzO12

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.252847

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?id.252847

Source: cna@vuldb.com

Third Party Advisory

https://note.zhaoj.in/share/jDWk6INLzO12

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://vuldb.com/?ctiid.252847

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?id.252847

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.