qdPM

qdPM is a free web-based project management tool suitable for a small team working on multiple projects. It is fully configurable. You can easy manage Projects Tasks and People. Customers interact using a Ticket System that is integrated into Task management.

Official Site:

http://qdpm.net/

Severity Summary:

Critical: 3 High: 5 Medium: 8

Reference

Title

Severity

CVE-2020-11811

qdPM Unrestricted Upload of File with Dangerous Type Vulnerability

Critical

CVE-2015-3884

qdPM Code Execution Vulnerability

Critical

CVE-2023-45856

qdPM Unrestricted Upload of File with Dangerous Type Vulnerability

Critical

CVE-2015-3881

qdPM Sensitive Information Disclosure Vulnerability

High

CVE-2020-7246

qdPM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

High

CVE-2020-26165

qdPM Improper Control of Generation of Code (Code Injection) Vulnerability

High

CVE-2022-26180

qdPM Cross-Site Request Forgery (CSRF) Vulnerability

High

CVE-2023-45855

qdPM Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

High

CVE-2015-3882

qdPM Sensitive Information Disclosure Vulnerability

Medium

CVE-2015-3883

qdPM Multiple Cross-site Scripting (XSS) Vulnerabilities

Medium

CVE-2020-26166