qdPM Code Execution Vulnerability - CVE-2015-3884 - Vulnerability Database

qdPM Code Execution Vulnerability - CVE-2015-3884

Critical

Reference: CVE-2015-3884

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3884

Title: qdPM Code Execution Vulnerability

Overview:

Unrestricted file upload vulnerability in the (1) myAccount (2) projects (3) tasks (4) tickets (5) discussions (6) reports and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.