Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-13725

Malware in sbrugna...

5.4CVSS5.5AI score0.00602EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.11 views

CVE-2020-20943

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.3CVSS6.9AI score0.00382EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 a.m.6 views

CVE-2019-5725

qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file...

7.5CVSS7AI score0.01493EPSS
Exploits1References1
NVD
NVD
added 2021/12/27 9:15 p.m.13 views

CVE-2020-20943

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.3CVSS0.00382EPSS
Exploits1References1
NVD
NVD
added 2021/12/27 9:15 p.m.19 views

CVE-2020-20945

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

8.8CVSS0.00555EPSS
Exploits1References2
NVD
NVD
added 2021/12/27 9:15 p.m.10 views

CVE-2020-20946

Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...

5.4CVSS0.00602EPSS
Exploits1References2
NVD
NVD
added 2021/12/27 9:15 p.m.19 views

CVE-2020-20944

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

9.1CVSS0.01958EPSS
Exploits1References3
Prion
Prion
added 2021/12/27 9:15 p.m.15 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

6.8CVSS8.7AI score0.00555EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/12/27 9:15 p.m.16 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.3CVSS4.6AI score0.00382EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/12/27 9:15 p.m.15 views

Design/Logic Flaw

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

6.4CVSS9AI score0.01958EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/12/27 8:32 p.m.49 views

CVE-2020-20946

CVE-2020-20946 affects Qibosoft v7 (CMS) with a stored XSS vulnerability in the admin path /admin/index.php?lfj=friendlink&action=add. The root cause is input data not validated in the friendlink/add handler, enabling injected client-side script execution. CVSS metrics indicate a Low to Medium ov...

5.4CVSS5.2AI score0.00602EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.21 views

CVE-2020-20946

Qibosoft v7 contains a stored cross-site scripting XSS vulnerability in the component /admin/index.php?lfj=friendlink&action=add...

5.3AI score0.00602EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.17 views

CVE-2020-20945

A Cross-Site Request Forgery CSRF in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts...

8.8AI score0.00555EPSS
Exploits1References2
CVE
CVE
added 2021/12/27 8:32 p.m.63 views

CVE-2020-20944

Qibosoft v7 is affected by an arbitrary file deletion vulnerability via /admin/index.php?lfj=mysql&action=del. The root cause is the action=del parameter enabling deletion, as described in PT-2021-10556. Impact: potential unauthorized file removal. Remediation: restrict access to the /admin/index...

9.1CVSS9.1AI score0.01958EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.21 views

CVE-2020-20944

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files...

9.2AI score0.01958EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/12/27 8:32 p.m.15 views

CVE-2020-20943

A Cross-Site Request Forgery CSRF in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL...

4.6AI score0.00382EPSS
Exploits1References1
CVE
CVE
added 2021/12/27 8:32 p.m.56 views

CVE-2020-20943

CVE-2020-20943 affects Qibosoft v7 (CMS). A CSRF flaw in the endpoint /member/post.php?job=postnew&step=post allows an attacker to coerce victims into arbitrarily publishing new articles via a crafted URL. The available connected documents confirm the vulnerability’ s existence and the affected c...

4.3CVSS4.5AI score0.00382EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder