4 matches found
EUVD-2025-197814
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...
CVE-2025-63748
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...
PT-2025-47158
Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description Authenticated users can upload arbitrary files through the "Add Attachment" feature within the "Test Script" module. The application does not restrict file types, allowing the upload of executable PHP files...
CVE-2025-63748
CVE-2025-63748 affects QaTraq 6.9.2. Authenticated users can upload arbitrary files via the Add Attachment feature in the Test Script module due to insufficient file-type restrictions. Uploaded files (e.g., executable PHP) can be accessed through View Attachment and may execute on the server, ind...