CVE-2023-27037
Published: 16 March 2023
Summary
CVE-2023-27037 is a high-severity SQL Injection (CWE-89) vulnerability in Qibosoft Qibocms. Its CVSS base score is 8.8 (High).
Operationally, this CVE ranks in the top 12.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Qibosoft QiboCMS version 7 contains a remote code execution vulnerability in the Get_Title function at label_set_rs.php. The flaw is tracked as CVE-2023-27037 with a CVSS 3.1 score of 8.8 and is categorized under CWE-89 (SQL Injection). The Get_Title entry point in the content management system is the path through which an attacker reaches code execution.
An authenticated user with low privileges can trigger the issue remotely over the network without user interaction, resulting in complete loss of confidentiality, integrity, and availability on the target installation.
EPSS for this CVE rose to a peak of 0.0765 on 2026-03-04 before receding to the current score of 0.0329, indicating a period of increased exploitation interest after disclosure. Public references consist of GitHub disclosures that do not include official patch or mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-30826
Vulnerability details
Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.