17 matches found
EUVD-2020-13725
Malware in sbrugna...
CVE-2020-20943
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
CVE-2019-5725
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...
CVE-2020-20943
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
CVE-2020-20945
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
CVE-2020-20946
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
CVE-2020-20944
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
Design/Logic Flaw
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
CVE-2020-20946
CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...
CVE-2020-20946
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add...
CVE-2020-20945
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...
CVE-2020-20944
Qibosoft v7 is affected by an arbitrary file deletion vulnerability via /admin/index.php?lfj=mysql&action=del. The root cause is the action=del parameter enabling deletion, as described in PT-2021-10556. Impact: potential unauthorized file removal. Remediation: restrict access to the /admin/index...
CVE-2020-20944
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...
CVE-2020-20943
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...
CVE-2020-20943
CVE-2020-20943 affects Qibosoft v7 (CMS). A CSRF flaw in the endpoint /member/post.php?job=postnew&step=post allows an attacker to coerce victims into arbitrarily publishing new articles via a crafted URL. The available connected documents confirm the vulnerability’s existence and the affected c...