Qibosoft: >> Qibosoft >> 1.0 Security Vulnerabilities
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.
CVSS Score
7.2
EPSS Score
0.005
Published
2021-05-21
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-01-08