17 matches found
CVE-2023-45855
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...
EUVD-2022-30746
Malicious code in bioql PyPI...
CVE-2023-45855
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...
Remote code execution
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...
Directory traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...
CVE-2023-45855
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...
CVE-2023-45855
Affected software: qdPM 9.2. The CVE describes a directory traversal vulnerability that allows an attacker to list files and directories by accessing the /uploads URI. Root cause / vulnerability class: Improper validation or path handling enabling traversal to reveal server-side files. Impact: Po...
CVE-2023-45855
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI...
Cross-site request forgery (CSRF)
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI...
CVE-2022-26180
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI...
qdPM 9.2 Cross Site Request Forgery
Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF) Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...
qdPM 9.2 - Cross-site Request Forgery Vulnerability
Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF) Google Dork: NA Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE : CVE-2022-26180...
qdPM 9.2 - Cross-site Request Forgery (CSRF)
Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF) Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...
qdPM 9.2 - Password Exposure (Unauthenticated)
Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Date: 03/08/2021 Exploit Author: Leon Trappett thepcn3rd Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: Ubuntu 20.04 Apache2...
qdPM 9.2 Information Disclosure
Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Date: 03/08/2021 Exploit Author: Leon Trappett thepcn3rd Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: Ubuntu 20.04 Apache2...