CVE-2026-6649 | Qibo CMS 1.0 /index/image/headers starts server-side request forgery

Inserito da Angelo Barbosa | Apr 20, 2026 | CVE

A vulnerability categorized as critical has been discovered in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery.

This vulnerability is tracked as CVE-2026-6649. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6649 | Qibo CMS 1.0 /index/image/headers starts server-side request forgery

Post correlati

CVE-2023-6540 | Lenovo Browser Mobile/Browser HD on Android code injection

CVE-2024-48570 | Client Management System 1.0 bwdates-reports-ds.php Between Dates Reports sql injection

CVE-2025-1413 | Blackmagic Design DaVinci Resolve up to 19.1.2 on macOS File Permission privileges assignment

CVE-2026-5185 | Nothings stb_image up to 2.30 Multi-frame GIF File stb_image.h stbi__gif_load_next heap-based overflow