qdPM Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2023-45856 - Vulnerability Database

qdPM Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2023-45856

Critical

Reference: CVE-2023-45856

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-45856

Title: qdPM Unrestricted Upload of File with Dangerous Type Vulnerability

Overview:

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.