2 matches found
CVE-2025-63747
CVE-2025-63747 affects QaTraq 6.9.2. The issue arises from default-enabled administrative credentials, allowing immediate login through the web app login page and granting administrative access if reachable. The vulnerability is present in the default configuration, so an attacker who can access ...
CVE-2025-63748
CVE-2025-63748 affects QaTraq 6.9.2. Authenticated users can upload arbitrary files via the Add Attachment feature in the Test Script module due to insufficient file-type restrictions. Uploaded files (e.g., executable PHP) can be accessed through View Attachment and may execute on the server, ind...