Lucene search

K
prionPRIOn knowledge basePRION:CVE-2024-1225
HistoryFeb 05, 2024 - 1:15 p.m.

Deserialization of untrusted data

2024-02-0513:15:00
PRIOn knowledge base
www.prio-n.com
9
vulnerability
qibosoft qibocms x1
remote attack
deserialization
function rmb_pay
identifier vdb-252847
disclosure
vendor

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CPENameOperatorVersion
qibocms_x1le1.0.6

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

Related for PRION:CVE-2024-1225