Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2015-3884

Published: 17/03/2017 Updated: 27/01/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 690
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Qdpm

Vulnerability Summary

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qdpm qdpm

Exploits

Exploit DB: qdPM 9.1 Authenticated Shell Upload
A remote code execution vulnerability exists in qdPM versions 91 and below An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature thus allowing bypass of htaccess protection NOTE: this issue exists because of an incompl ...
Exploit DB: qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
A remote code execution (RCE) vulnerability exists in qdPM 91 and earlier An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of htaccess protection NOTE: this issue ex ...

Metasploit Modules

qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

msf > use exploit/multi/http/qdpm_authenticated_rce
msf exploit(qdpm_authenticated_rce) > show targets
    ...targets...
msf exploit(qdpm_authenticated_rce) > set TARGET < target-id >
msf exploit(qdpm_authenticated_rce) > show options
    ...show and set options...
msf exploit(qdpm_authenticated_rce) > exploit

Github Repositories

https://github.com/TobinShields/qdPM9.1_Exploit

This is an exploit to automatically upload a PHP web shell to the qdPM 9.1 platform via the "upload a profile photo" feature. This method also bypasses the fix put into place from a previous CVE

qdPM v91 Authenticated RCE Exploit This is an exploit to automatically upload a PHP web shell to the qdPM 91 platform via the "upload a profile photo" feature This method also bypasses the fix put into place from a previous CVE Vulnerability Information CVE: CVE-2020-7246 NVD Published Date: 01/21/2020 Base Score 88 (HIGH) Vulnerability Type Web Exploit

References

CWE-434http://rossmarks.uk/whitepapers/qdPM_8.3.txthttp://rossmarks.uk/portfolio.phphttp://packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.htmlhttps://nvd.nist.govhttps://github.com/TobinShields/qdPM9.1_Exploithttps://packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook