edit-icon download-icon

[Vulnerability notice] Remote code execution vulnerability in QiboCMS

Last Updated: May 07, 2018

Description

QiboCMS is an open-source content management system featured for its unique visualized tags.

QiboCMS does not impose complete filtering for the content of the hr/listperson.php variable. As a result, the variable may contain any local file. Hackers can upload malicious files by using avatar upload or other features to run PHP code on the website.

Fix

Upgrade QiboCMS to the latest version from the official website.

Thank you! We've received your feedback.