12 matches found

CVE
added 2026/04/05 8:45 p.m. | 3 views

CVE-2019-25669

qdPM 9.1 is affected by an SQL injection vulnerability in the search_by_extrafields[] parameter. An attacker can craft malicious values and send POST requests to the users endpoint to trigger SQL syntax errors and exfiltrate database information. The issue arises from unvalidated input used in da...

CVSS 8.8 | AI score 6.1 | EPSS 0.00042
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-18790

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01126
Exploits: 2 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-4153

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.00938
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 10:34 p.m. | 3 views

CVE-2022-26180

qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI...

CVSS 8.8 | AI score 7.1 | EPSS 0.00457
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/22 5:54 p.m. | 5 views

CVE-2020-7246

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users'photoppreview' delete photo feature, allowing bypass of .htaccess protection...

CVSS 8.8 | AI score 8 | EPSS 0.90442
Exploits: 18 | References: 1

RedhatCVE
added 2025/05/22 4:11 p.m. | 3 views

CVE-2020-11814

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites...

CVSS 5.8 | AI score 7.1 | EPSS 0.00288
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:17 p.m. | 4 views

CVE-2020-19515

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\databaseconfig.php...

CVSS 6.1 | AI score 6.1 | EPSS 0.04532
Exploits: 1

Cvelist
added 2021/09/09 2:37 p.m. | 13 views

CVE-2020-19515

qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\databaseconfig.php...

AI score 6 | EPSS 0.04532
Exploits: 1 | References: 1

CNVD
added 2021/01/04 12:00 a.m. | 2 views

qdPM PHP Object Injection Vulnerability

qdPM is a free, web-based, open source project management tool for small teams, written in the Symfony framework. qdPM 9.1 and earlier versions have PHP object injection vulnerabilities. An attacker can exploit this vulnerability by using timeReportActions::executeExport in...

CVSS 8.8 | AI score 7.4 | EPSS 0.01126
Exploits: 2 | References: 1

OSV
added 2020/12/31 9:15 p.m. | 2 views

CVE-2020-26165

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used...

CVSS 8.8 | AI score 5.8 | EPSS 0.01126
Exploits: 2 | References: 3

CNVD
added 2017/03/21 12:00 a.m. | 2 views

qdPM Cross-Site Scripting Vulnerability

qdPM is a free, open source project management system based on the Symfony framework and developed using PHP and MySQL. A cross-site scripting vulnerability exists in qdPM version 8.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of parameters ...

CVSS 6.1 | AI score 6 | EPSS 0.00238
Exploits: 1 | References: 1

CNVD
added 2017/03/21 12:00 a.m. | 2 views

qdPM Information Disclosure Vulnerability (CNVD-2017-03454)

qdPM is a free, open source project management system based on the Symfony framework and developed using PHP and MySQL. An information disclosure vulnerability exists in qdPM version 8.3. A remote attacker can exploit this vulnerability by sending an invalid ID value to index.php/users/info/id/ID to...

CVSS 5.3 | AI score 6.3 | EPSS 0.00261
Exploits: 1 | References: 1