📦 Xibo

An SQL injection vulnerability in Xibo CMS allows authenticated users to inject malicious SQL queries through API routes for importing JSON and Layouts containing DataSet data. This enables attackers ...

This path traversal vulnerability in Xibo CMS allows authenticated users to upload specially crafted ZIP files via the layout import function, enabling them to create files outside the intended direct...

An authenticated SQL injection vulnerability in Xibo CMS allows attackers to read and modify arbitrary database data by injecting malicious SQL into the 'formula' parameter when adding/editing DataSet...