2 matches found
CVE-2015-3882
qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/ID, which reveals the installation path in an error message...
CVE-2015-3882
qdPM 8.3 (Symfony-based PHP/MySQL project management system) is affected by an information-disclosure vulnerability. A remote attacker can send an invalid ID to index.php/users/info/id/[ID] and cause an error message that reveals the installation path. This CVE is documented with CNVD-2017-03454;...