2 matches found
CVE-2018-10760
CVE-2018-10760 describes an unrestricted file upload vulnerability in ProjectPier's Files plugin (versions 0.88 and earlier). The issue allows remote authenticated users to upload a file with an executable extension and then access it via a direct request to the file in the tmp directory under th...
ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI
"ProjectPier is a Free, Open-Source, PHP application for managing tasks, projects and teams through an intuitive web interface." https://github.com/Project-Pier https://sourceforge.net/projects/projectpier/ I reached out to the vendor via several channels to report the findings below, but receive...