CVE-2021-27811
HIGHQibosoftX1 1.0 - Remote Code Execution via Upgrade Function
Title source: llmDescription
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade.php.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/whiskey-jj/w2s2x2222.github.io/issues/2
Third Party Advisory x_refsource_misc
https://www.cnvd.org.cn/flaw/show/2297879
Scores
CVSS v3
7.2
EPSS
0.0120
EPSS Percentile
64.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
qibosoft/qibosoft
1.0
Published
May 21, 2021
Tracked Since
Feb 18, 2026