Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qdpm vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-8390
qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.
Qdpm Qdpm 9.1
10
CVSSv2
CVE-2020-11811
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
Qdpm Qdpm 9.1
5.8
CVSSv2
CVE-2020-11814
A Host Header Injection vulnerability in qdPM 9.1 may allow an malicious user to spoof a particular header and redirect users to malicious websites.
Qdpm Qdpm 9.1
NA
CVE-2023-45855
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
Qdpm Qdpm 9.2
3.5
CVSSv2
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated malicious users to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task.
Qdpm Qdpm 9.1
4.3
CVSSv2
CVE-2020-19515
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
Qdpm Qdpm 9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2