QiboCMS
by Qibosoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22973 | | | 0.00 | — | 0.00 | | Feb 20, 2025 | An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common.php' file that directly retrieves the URL request response content. |
| CVE-2024-1225 | | | 0.00 | — | 0.00 | | Feb 5, 2024 | A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can… |
| CVE-2023-27037 | | | 0.00 | — | 0.03 | | Mar 16, 2023 | Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php |
| CVE-2020-18022 | | | 0.00 | — | 0.01 | | Apr 28, 2021 | Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in an HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component. |
| CVE-2011-1064 | | | 0.00 | — | 0.00 | | Feb 23, 2011 | SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. |