CVE-2023-1278

A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifi...

CVE-2023-1744

A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-1747

A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit...

CVE-2023-3449

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit...

CVE-2023-3801

A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed...

CVE-2023-3621

A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is the function createDeleteCommand of the file ?r=article/default/delete of the component Delete Packet. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2023-3478

A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVE-2023-2107

A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publ...

CVE-2020-21785

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...

CVE-2020-21783

In IBOS 4.5.4 the email function has a cross site scripting XSS vulnerability in emailbodycontent parameter...

CVE-2020-21786

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php...

CVE-2024-28265

IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php...

CVE-2024-28265

CVE-2024-28265 affects IBOS v4.5.5, which has an arbitrary file deletion vulnerability in the file system/modules/dashboard/controllers/LoginController.php. The CVE entry assigns a CVSS v3.1 base score of 9.1 (CRITICAL) with network attack vector, no authentication, high impact to integrity and a...

CVE-2024-28265

IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php...

CVE-2024-28265

IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php...

PT-2024-22370 · Ibos · Ibos

Name of the Vulnerable Software and Affected Versions: IBOS version 4.5.5 Description: IBOS version 4.5.5 contains an arbitrary file deletion vulnerability located in the systemmodulesdashboardcontrollersLoginController.php file. Recommendations: Update to a newer version of IBOS to address this...

ibos-haarstudio.de Cross Site Scripting vulnerability OBB-3722140

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-4852

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2023-4852

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

Sql injection

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...