2 matches found
PT-2020-19496 · Qdpm · Qdpm
Name of the Vulnerable Software and Affected Versions: qdPM versions 9.1 and earlier Description: A remote code execution issue exists, allowing an attacker to upload malicious PHP code via the profile photo functionality. This is possible due to a path traversal vulnerability in the users'photop...
CVE-2018-3988
Signal Messenger for Android 4.24.8 is affected by an information-disclosure vulnerability when using the “disappearing messages” feature and the photo option in the Attach File menu. The issue arises because Signal stores the photo in its own cache directory, which can be accessed by other appli...