novysodope/Qibosoft-CMS

Releases0

Vulnerability,Impact version<=7,Qibosoft all product

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-5725 ↗	Jan 8, 2019Tuesday, 8 January 2019, 23:29	—	5 MEDIUM
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.