qdPM up to and including 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qdpm qdpm |