Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2020-7246
HistoryJan 21, 2020 - 1:02 p.m.

CVE-2020-7246

2020-01-2113:02:35
mitre
www.cve.org
1

9.2 High

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.7%

JSON

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users[‘photop_preview’] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

Related

packetstorm 4
prion 2
cve 2
zdt 4
attackerkb 1
nvd 2
metasploit 1
cvelist 1
checkpoint_advisories 1
exploitpack 2
exploitdb 4
rapid7blog 1
packetstorm
packetstorm
qdPM 9.1 Authenticated Shell Upload
2022-09-29 00:00:00
qdPM 9.1 Remote Code Execution
2022-05-26 00:00:00
qdPM Remote Code Execution
2020-02-28 00:00:00
prion
prion
Path traversal
2020-01-21 14:15:00
Unrestricted file upload
2017-03-17 14:59:00
cve
cve
CVE-2020-7246
2020-01-21 14:15:13
CVE-2015-3884
2017-03-17 14:59:00
zdt
zdt
qdPM 9.1 Authenticated Shell Upload Exploit
2022-09-29 00:00:00
qdPM < 9.1 - Remote Code Execution Exploit
2020-02-29 00:00:00
qdPM 9.1 - Remote Code Execution (Authenticated) Exploit
2022-05-26 00:00:00
attackerkb
attackerkb
CVE-2020-7246
2020-01-21 00:00:00
nvd
nvd
CVE-2020-7246
2020-01-21 14:15:13
CVE-2015-3884
2017-03-17 14:59:00
metasploit
metasploit
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
2022-06-13 15:41:34
cvelist
cvelist
CVE-2015-3884
2017-03-17 14:00:00
checkpoint_advisories
checkpoint_advisories
qdPM Remote Code Execution (CVE-2020-7246)
2020-03-25 00:00:00
exploitpack
exploitpack
qdPM 9.1 - Remote Code Execution
2020-02-28 00:00:00
qdPM 9.1 - Remote Code Execution
2020-01-23 00:00:00
exploitdb
exploitdb
qdPM 9.1 - Remote Code Execution (Authenticated)
2021-08-04 00:00:00
qdPM 9.1 - Remote Code Execution
2020-01-23 00:00:00
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)
2022-05-25 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-09-30 18:47:25

9.2 High

AI Score

Confidence

High

0.97 High

EPSS

Percentile

99.7%

JSON
Related for CVELIST:CVE-2020-7246
packetstorm4prion2cve2zdt4attackerkb1nvd2metasploit1cvelist1checkpoint_advisories1exploitpack2exploitdb4rapid7blog1