Skip to main content

Qibosoft

4 CVEs product

Monthly

CVE-2021-27811 HIGH POC This Week

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Qibosoft
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2019-17613 CRITICAL POC Act Now

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE CSRF Qibosoft
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2019-5725 HIGH POC This Week

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Qibosoft
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-18201 HIGH POC This Week

qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Qibosoft
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 1% CVSS 7.2
HIGH POC This Week

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Qibosoft
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Qibosoft
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy