Qibosoft

qibosoft

14 CVEs • 4 products

Products (4)

Click to collapse

Toggle

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-22973 1Qibosoft 1Qibocms X1 Jun 18, 2025 Feb 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content.
CVE-2024-1225 1Qibosoft 1Qibocms X1 Nov 21, 2024 Feb 5, 2024 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argum...Show more A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2020-20808 1Qibosoft 1Qibosoft Nov 21, 2024 Aug 3, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
CVE-2023-27037 1Qibosoft 1Qibocms Nov 21, 2024 Mar 16, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php
CVE-2020-20946 1Qibosoft 1Qibosoft Nov 21, 2024 Dec 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
CVE-2020-20945 1Qibosoft 1Qibosoft Nov 21, 2024 Dec 27, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
CVE-2020-20944 1Qibosoft 1Qibosoft Nov 21, 2024 Dec 27, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
CVE-2020-20943 1Qibosoft 1Qibosoft Nov 21, 2024 Dec 27, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
CVE-2021-27811 1Qibosoft 1Qibosoft Nov 21, 2024 May 21, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.
CVE-2020-18022 1Qibosoft 1Qibocms Nov 21, 2024 Apr 28, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\k...Show more Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.Show less
CVE-2019-17613 1Qibosoft 1Qibosoft Nov 21, 2024 Oct 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/...Show more qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter.Show less
CVE-2019-5725 1Qibosoft 1Qibosoft Nov 21, 2024 Jan 8, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.
CVE-2018-18201 1Qibosoft 1Qibosoft Nov 21, 2024 Oct 9, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.
CVE-2011-1064 1Qibosoft 1Qi Bo Cms Apr 29, 2026 Feb 23, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.