Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:16 a.m.7 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin=addjf via CSRF, as demonstrated by a payload in the...

9.8CVSS7.9AI score0.02857EPSS
Exploits1References1
NVD
NVD
added 2019/10/15 11:15 p.m.28 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...

9.8CVSS9.7AI score0.02857EPSS
Exploits1References1
OSV
OSV
added 2019/10/15 11:15 p.m.2 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...

9.8CVSS7.8AI score
Exploits0References1
Prion
Prion
added 2019/10/15 11:15 p.m.17 views

Cross site request forgery (csrf)

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...

7.5CVSS9.6AI score0.02857EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/15 10:56 p.m.29 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...

9.8AI score0.02857EPSS
Exploits1References1
CVE
CVE
added 2019/10/15 10:56 p.m.62 views

CVE-2019-17613

CVE-2019-17613 affects qibosoft 7. The vulnerability is due to do/jf.php performing eval on input, enabling remote code execution. An attacker can leverage the Point Introduction Management feature to inject PHP code to be evaluated, or exploit CSRF via admin/index.php?lfj=jfadmin&action=addjf (p...

9.8CVSS9.6AI score0.02857EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder