PT-2021-3652 · Unknown · Qibosoftx1
Published
2021-05-21
·
Updated
2021-06-03
·
CVE-2021-27811
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
QibosoftX1 version 1.0
Description
A code injection issue has been found in the Upgrade function, related to incorrect code generation management in components such as
client upgrade edition.php and Upgrade.php. This allows an attacker to execute arbitrary PHP code.Recommendations
For QibosoftX1 version 1.0, consider disabling the Upgrade function temporarily until a patch is available to prevent exploitation. Restrict access to the
client upgrade edition.php and Upgrade.php components to minimize the risk of arbitrary PHP code execution.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qibosoftx1