Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qdpm qdpm vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-26165
qdPM up to and including 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
Qdpm Qdpm
6.5
CVSSv2
CVE-2020-7246
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and previous versions. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, ...
Qdpm Qdpm
1 EDB exploit
4 Github repositories
6.5
CVSSv2
CVE-2015-3884
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then acce...
Qdpm Qdpm
1 Metasploit module
1 Github repository
5
CVSSv2
CVE-2015-3881
Information disclosure issue in qdPM 8.3 allows remote malicious users to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
Qdpm Qdpm 8.3
5
CVSSv2
CVE-2015-3882
qdPM 8.3 allows remote malicious users to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.
Qdpm Qdpm 8.3
4.3
CVSSv2
CVE-2015-3883
Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new projec...
Qdpm Qdpm 8.3
6.8
CVSSv2
CVE-2022-26180
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
Qdpm Qdpm 9.2
NA
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
Qdpm Qdpm 9.2
3.5
CVSSv2
CVE-2020-18468
Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.
Qdpm Qdpm 9.1
4.3
CVSSv2
CVE-2019-8391
qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter.
Qdpm Qdpm 9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »