Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by qibosoft
CVE-2025-22973 (GCVE-0-2025-22973)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:00 – Updated: 2025-02-21 17:35
VLAI
Summary
An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T17:34:46.723726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T17:35:25.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the \u0027/application/common. php\u0027 file that directly retrieves the URL request response content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T22:17:37.271Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/202110420106/CVE/blob/master/CVE-2025-22973.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-22973",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-21T17:35:25.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1225 (GCVE-0-2024-1225)
Vulnerability from cvelistv5 – Published: 2024-02-05 13:00 – Updated: 2025-05-15 19:47
VLAI
Title
QiboSoft QiboCMS X1 Pay.php rmb_pay deserialization
Summary
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
7.3 (High)
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.252847 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.252847 | signaturepermissions-required |
| https://note.zhaoj.in/share/jDWk6INLzO12 | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QiboSoft | QiboCMS X1 |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 Affected: 1.0.5 Affected: 1.0.6 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.252847"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.252847"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://note.zhaoj.in/share/jDWk6INLzO12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:21.046434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:47:21.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "QiboCMS X1",
"vendor": "QiboSoft",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "glzjin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In QiboSoft QiboCMS X1 bis 1.0.6 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion rmb_pay der Datei /application/index/controller/Pay.php. Dank Manipulation des Arguments callback_class mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T19:14:05.373Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.252847"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.252847"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://note.zhaoj.in/share/jDWk6INLzO12"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-02-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-02-05T09:34:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "QiboSoft QiboCMS X1 Pay.php rmb_pay deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-1225",
"datePublished": "2024-02-05T13:00:05.298Z",
"dateReserved": "2024-02-05T08:29:00.218Z",
"dateUpdated": "2025-05-15T19:47:21.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20808 (GCVE-0-2020-20808)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2024-10-17 18:40
VLAI
Summary
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alorfm/vuln/blob/master/qibosoft_cross_Site_Scripting.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-20808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T18:40:22.514083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T18:40:32.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/alorfm/vuln/blob/master/qibosoft_cross_Site_Scripting.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20808",
"datePublished": "2023-08-03T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-10-17T18:40:32.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27037 (GCVE-0-2023-27037)
Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2025-02-26 16:25
VLAI
Summary
Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:01:32.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dienamer/vul/blob/main/2023-01-14.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:24:40.400152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:25:27.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dienamer/vul/blob/main/2023-01-14.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27037",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-26T16:25:27.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20946 (GCVE-0-2020-20946)
Vulnerability from cvelistv5 – Published: 2021-12-27 20:32 – Updated: 2024-08-04 14:22
VLAI
Summary
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://blog.csdn.net/he_and/article/details/102698171 | x_refsource_MISC |
| http://www.qibosoft.com/downloadProduction.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.qibosoft.com/downloadProduction.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink\u0026action=add."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T20:32:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.qibosoft.com/downloadProduction.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink\u0026action=add."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.csdn.net/he_and/article/details/102698171",
"refsource": "MISC",
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"name": "http://www.qibosoft.com/downloadProduction.htm",
"refsource": "MISC",
"url": "http://www.qibosoft.com/downloadProduction.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20946",
"datePublished": "2021-12-27T20:32:59.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:22:25.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20944 (GCVE-0-2020-20944)
Vulnerability from cvelistv5 – Published: 2021-12-27 20:32 – Updated: 2024-08-04 14:22
VLAI
Summary
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blog.csdn.net/he_and/article/details/102698171 | x_refsource_MISC |
| http://www.qibosoft.com/downloadProduction.htm | x_refsource_MISC |
| https://cwe.mitre.org/data/definitions/23.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.qibosoft.com/downloadProduction.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/23.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in /admin/index.php?lfj=mysql\u0026action=del of Qibosoft v7 allows attackers to arbitrarily delete files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:18:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.qibosoft.com/downloadProduction.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/23.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in /admin/index.php?lfj=mysql\u0026action=del of Qibosoft v7 allows attackers to arbitrarily delete files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.csdn.net/he_and/article/details/102698171",
"refsource": "MISC",
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"name": "http://www.qibosoft.com/downloadProduction.htm",
"refsource": "MISC",
"url": "http://www.qibosoft.com/downloadProduction.htm"
},
{
"name": "https://cwe.mitre.org/data/definitions/23.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/23.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20944",
"datePublished": "2021-12-27T20:32:58.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:22:25.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20945 (GCVE-0-2020-20945)
Vulnerability from cvelistv5 – Published: 2021-12-27 20:32 – Updated: 2024-08-04 14:22
VLAI
Summary
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://blog.csdn.net/he_and/article/details/102698171 | x_refsource_MISC |
| http://www.qibosoft.com/downloadProduction.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.qibosoft.com/downloadProduction.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member\u0026action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T20:32:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.qibosoft.com/downloadProduction.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member\u0026action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.csdn.net/he_and/article/details/102698171",
"refsource": "MISC",
"url": "https://blog.csdn.net/he_and/article/details/102698171"
},
{
"name": "http://www.qibosoft.com/downloadProduction.htm",
"refsource": "MISC",
"url": "http://www.qibosoft.com/downloadProduction.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20945",
"datePublished": "2021-12-27T20:32:58.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:22:25.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20943 (GCVE-0-2020-20943)
Vulnerability from cvelistv5 – Published: 2021-12-27 20:32 – Updated: 2024-08-04 14:22
VLAI
Summary
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blog.csdn.net/he_and/article/details/102698171 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew\u0026step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T20:32:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.csdn.net/he_and/article/details/102698171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew\u0026step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.csdn.net/he_and/article/details/102698171",
"refsource": "MISC",
"url": "https://blog.csdn.net/he_and/article/details/102698171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20943",
"datePublished": "2021-12-27T20:32:57.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:22:25.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27811 (GCVE-0-2021-27811)
Vulnerability from cvelistv5 – Published: 2021-05-21 17:11 – Updated: 2024-08-03 21:33
VLAI
Summary
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/whiskey-jj/w2s2x2222.github.io… | x_refsource_MISC |
| https://www.cnvd.org.cn/flaw/show/2297879 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnvd.org.cn/flaw/show/2297879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-21T17:11:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnvd.org.cn/flaw/show/2297879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2",
"refsource": "MISC",
"url": "https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2"
},
{
"name": "https://www.cnvd.org.cn/flaw/show/2297879",
"refsource": "MISC",
"url": "https://www.cnvd.org.cn/flaw/show/2297879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27811",
"datePublished": "2021-05-21T17:11:47.000Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:15.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-18022 (GCVE-0-2020-18022)
Vulnerability from cvelistv5 – Published: 2021-04-28 15:18 – Updated: 2024-08-04 14:00
VLAI
Summary
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/hpj233/qibocms/blob/master/v7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:49.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hpj233/qibocms/blob/master/v7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the \"ewebeditor\\3.1.1\\kindeditor.js\" component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T15:18:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hpj233/qibocms/blob/master/v7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-18022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the \"ewebeditor\\3.1.1\\kindeditor.js\" component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hpj233/qibocms/blob/master/v7",
"refsource": "MISC",
"url": "https://github.com/hpj233/qibocms/blob/master/v7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-18022",
"datePublished": "2021-04-28T15:18:42.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:00:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17613 (GCVE-0-2019-17613)
Vulnerability from cvelistv5 – Published: 2019-10-15 22:56 – Updated: 2024-08-05 01:47
VLAI
Summary
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/Ers4tz/vuln/blob/master/qiboso… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin\u0026action=addjf via CSRF, as demonstrated by a payload in the content parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-15T22:56:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin\u0026action=addjf via CSRF, as demonstrated by a payload in the content parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md",
"refsource": "MISC",
"url": "https://github.com/Ers4tz/vuln/blob/master/qibosoft/qibosoft_v7_remote_code_execution.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17613",
"datePublished": "2019-10-15T22:56:23.000Z",
"dateReserved": "2019-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:13.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5725 (GCVE-0-2019-5725)
Vulnerability from cvelistv5 – Published: 2019-01-08 23:00 – Updated: 2024-09-16 23:46
VLAI
Summary
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/novysodope/Qibosoft-CMS | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/novysodope/Qibosoft-CMS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-08T23:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/novysodope/Qibosoft-CMS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/novysodope/Qibosoft-CMS",
"refsource": "MISC",
"url": "https://github.com/novysodope/Qibosoft-CMS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5725",
"datePublished": "2019-01-08T23:00:00.000Z",
"dateReserved": "2019-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:53.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18201 (GCVE-0-2018-18201)
Vulnerability from cvelistv5 – Published: 2018-10-09 23:00 – Updated: 2024-08-05 11:01
VLAI
Summary
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/yanchongchong/swallow/issues/2 | x_refsource_MISC |
Date Public
2018-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yanchongchong/swallow/issues/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "qibosoft V7.0 allows CSRF via admin/index.php?lfj=member\u0026action=addmember to add a user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T23:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yanchongchong/swallow/issues/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qibosoft V7.0 allows CSRF via admin/index.php?lfj=member\u0026action=addmember to add a user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yanchongchong/swallow/issues/2",
"refsource": "MISC",
"url": "https://github.com/yanchongchong/swallow/issues/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18201",
"datePublished": "2018-10-09T23:00:00.000Z",
"dateReserved": "2018-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1064 (GCVE-0-2011-1064)
Vulnerability from cvelistv5 – Published: 2011-02-22 23:00 – Updated: 2024-08-06 22:14
VLAI
Summary
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/46445 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/43396 | third-party-advisoryx_refsource_SECUNIA |
| http://bbs.wolvez.org/viewtopic.php?id=211 | x_refsource_MISC |
Date Public
2011-02-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:27.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qibocms-list-sql-injection(65485)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65485"
},
{
"name": "46445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46445"
},
{
"name": "43396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bbs.wolvez.org/viewtopic.php?id=211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "qibocms-list-sql-injection(65485)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65485"
},
{
"name": "46445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46445"
},
{
"name": "43396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bbs.wolvez.org/viewtopic.php?id=211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qibocms-list-sql-injection(65485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65485"
},
{
"name": "46445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46445"
},
{
"name": "43396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43396"
},
{
"name": "http://bbs.wolvez.org/viewtopic.php?id=211",
"refsource": "MISC",
"url": "http://bbs.wolvez.org/viewtopic.php?id=211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1064",
"datePublished": "2011-02-22T23:00:00.000Z",
"dateReserved": "2011-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:27.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}