PT-2019-17833 · Qibosoft · Qibosoft
Published
2019-01-08
·
Updated
2019-02-04
·
CVE-2019-5725
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
qibosoft versions through V7
Description
The issue allows remote attackers to read arbitrary files via the main parameter in member/index.php, which can be exploited through Server-Side Request Forgery (SSRF) to read sensitive files, such as .sql files, on the same web site.
Recommendations
For versions through V7, restrict access to the
member/index.php endpoint to minimize the risk of exploitation, and avoid using the main parameter until the issue is resolved.
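As an added illustration of the recommendation above (not part of the advisory), the following detection helper scans web-server access logs for requests to member/index.php that carry the main parameter, which the advisory says should not be in use until the issue is fixed. The log lines, the host name and the severity labels are constructed for the example.

```python
"""Flag requests to member/index.php that carry the `main` parameter
(CVE-2019-5725 exposure). Added example: the log lines below are
constructed samples in combined-log style, not real Qibosoft traffic."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (host example.test is a placeholder).
SAMPLE_LOG = """\
10.0.0.5 - - [08/Jan/2019:10:00:01 +0000] "GET /member/index.php?action=login HTTP/1.1" 200 512
10.0.0.9 - - [08/Jan/2019:10:00:07 +0000] "GET /member/index.php?main=http%3A%2F%2Fexample.test%2Fbackup.sql HTTP/1.1" 200 9031
10.0.0.9 - - [08/Jan/2019:10:00:09 +0000] "GET /member/index.php?main=1 HTTP/1.1" 200 2048
10.0.0.7 - - [08/Jan/2019:10:00:12 +0000] "GET /index.php?main=foo HTTP/1.1" 200 100
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify(target):
    """Return None if the request is not of interest, else a severity label.

    Any use of `main` on member/index.php is reported (the advisory says to
    avoid the parameter); a value carrying a URL scheme or naming a .sql file
    matches the SSRF / database-dump pattern the advisory describes."""
    parts = urlsplit(target)
    if not parts.path.endswith("/member/index.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if "main" not in qs:
        return None
    # parse_qs already decodes once; a second unquote catches double-encoding.
    value = unquote(qs["main"][0])
    if "://" in value or value.lower().endswith(".sql"):
        return "high"
    return "medium"


def scan(log_text):
    """Return (client_ip, severity, request_target) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (sev := classify(m["target"])):
            findings.append((m["ip"], sev, m["target"]))
    return findings


if __name__ == "__main__":
    for ip, sev, target in scan(SAMPLE_LOG):
        print(f"{sev.upper():6} {ip} {target}")
```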
Affected Products
Qibosoft