Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2020-26165

Disclosure Date: December 31, 2020 (last updated February 22, 2025)
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0