CVE-2025-22973

Name of the Vulnerable Software and Affected Versions QiboSoft QiboCMS version X1.0

Description An issue in QiboSoft QiboCMS allows a remote attacker to obtain sensitive information via the http curl() function in the '/application/common.php' file. This function directly retrieves the content of the URL request response.

Recommendations For QiboSoft QiboCMS version X1.0, consider disabling the http curl() function in the '/application/common.php' file as a temporary workaround until a patch is available. Restrict access to the '/application/common.php' file to minimize the risk of exploitation. Avoid using the http curl() function to retrieve sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.