qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
CVSS Score
7.5
EPSS Score
0.801
Published
2023-10-14
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
CVSS Score
9.8
EPSS Score
0.066
Published
2023-10-14
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-04-08