Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2023-45856

Disclosure Date: October 14, 2023 (last updated October 20, 2023)
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-45855

Disclosure Date: October 14, 2023 (last updated October 20, 2023)
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-26180

Disclosure Date: April 08, 2022 (last updated February 23, 2025)
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0