2 matches found
CVE-2023-45856
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...
CVE-2022-26180
qdPM 9.2 allows Cross-Site Request Forgery CSRF via the index.php/myAccount/update URI...