Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qdpm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
Qdpm Qdpm 9.2
6.1
CVSSv3
CVE-2019-8390
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
Qdpm Qdpm 9.1
6.1
CVSSv3
CVE-2020-19515
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
Qdpm Qdpm 9.1
7.5
CVSSv3
CVE-2015-3881
Information disclosure issue in qdPM 8.3 allows remote malicious users to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
Qdpm Qdpm 8.3
5.3
CVSSv3
CVE-2015-3882
qdPM 8.3 allows remote malicious users to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.
Qdpm Qdpm 8.3
5.4
CVSSv3
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated malicious users to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
Qdpm Qdpm 9.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2