Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2020-11811 - Vulnerability Database
qdPM

qdPM Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2020-11811

Critical
Reference: CVE-2020-11811
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-11811
Title: qdPM Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

In qdPM 9.1 an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that the attacker can execute an arbitrary command on the server using this malicious file.