Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qdpm qdpm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-45855
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
Qdpm Qdpm 9.2
9.8
CVSSv3
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
Qdpm Qdpm 9.2
8.8
CVSSv3
CVE-2022-26180
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
Qdpm Qdpm 9.2
6.1
CVSSv3
CVE-2020-19515
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
Qdpm Qdpm 9.1
5.4
CVSSv3
CVE-2020-18468
Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration.
Qdpm Qdpm 9.1
8.8
CVSSv3
CVE-2020-26165
qdPM up to and including 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
Qdpm Qdpm
5.4
CVSSv3
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated malicious users to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
Qdpm Qdpm 9.1
9.8
CVSSv3
CVE-2020-11811
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
Qdpm Qdpm 9.1
5.4
CVSSv3
CVE-2020-11814
A Host Header Injection vulnerability in qdPM 9.1 may allow an malicious user to spoof a particular header and redirect users to malicious websites.
Qdpm Qdpm 9.1
8.8
CVSSv3
CVE-2020-7246
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and previous versions. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, ...
Qdpm Qdpm
1 EDB exploit
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »