2 matches found
PT-2026-3574
Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.5 Description The Tutor LMS plugin for WordPress allows authenticated attackers with subscriber-level access or higher to delete arbitrary attachments on a site. This is due to a missing capability check within...
PT-2020-19496 · Qdpm · Qdpm
Name of the Vulnerable Software and Affected Versions: qdPM versions 9.1 and earlier Description: A remote code execution issue exists, allowing an attacker to upload malicious PHP code via the profile photo functionality. This is possible due to a path traversal vulnerability in the users'photop...