CVE-2026-6649

Name of the Vulnerable Software and Affected Versions Qibo CMS version 1.0

Description An issue in the '/index/image/headers' file allows for server-side request forgery, a flaw where an attacker can induce the server-side application to make requests to an unintended location. This can be achieved remotely by manipulating the starts argument.

Recommendations As a temporary workaround, avoid using the starts argument in the '/index/image/headers' endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.