Qto: Security Vulnerabilities
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
CVSS Score
7.5
EPSS Score
0.03
Published
2008-05-07
Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.
CVSS Score
5.8
EPSS Score
0.004
Published
2006-07-07
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter.
CVSS Score
6.4
EPSS Score
0.002
Published
2006-07-07
Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.
CVSS Score
5.8
EPSS Score
0.005
Published
2006-06-22