ibos

4 exploits Active since Jun 2021
CVE-2023-1278 GITEE LOW php
ibos < 4.5.5 - Cross-Site Scripting via accesstoken Parameter
A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.
1,962 stars
CVSS 3.5
CVE-2020-21786 GITEE CRITICAL php
IBOS 4.5.4 Open - Arbitrary File Inclusion via CronController.php
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.
1,962 stars
CVSS 9.8
CVE-2020-21785 GITEE HIGH php
IBOS 4.5.4 Open - OS Command Injection via Database Backup
In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability.
1,962 stars
CVSS 8.8
CVE-2020-21783 GITEE MEDIUM php
IBOS 4.5.4 - Cross-Site Scripting via Email Body Content Parameter
In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.
1,962 stars
CVSS 6.1