Description
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
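The flaw described above comes down to trusting the content-type value the client sends with the file. The following check is an added example, not qdPM code or a vendor fix: it ignores the declared content type and decides on an extension allowlist plus the file's leading bytes. The function names, the allowlist and the sample uploads are assumptions constructed for illustration.

```python
import os
import secrets

# Assumed allowlist for a profile photo: extension -> accepted leading magic bytes.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def check_upload(filename, declared_type, data):
    """Return (accepted, reason, stored_name).

    declared_type is the Content-Type the client sent for the file part. It is
    attacker-controlled, so it is never used to make the decision.
    """
    # Strip any client-supplied directory components, then take the extension.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    ext = os.path.splitext(name)[1]
    if ext not in SIGNATURES:
        return False, "extension not allowed", None
    if not data.startswith(SIGNATURES[ext]):
        return False, "content does not match extension", None
    # Store under a server-generated name so no client-chosen name reaches disk.
    return True, "ok", secrets.token_hex(16) + ext

# Constructed sample uploads (not taken from the advisory).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT = b"<?php echo 1; ?>"
SAMPLES = [
    ("avatar.png", "image/png", PNG),      # genuine image
    ("photo.php", "image/jpeg", SCRIPT),   # script with an image content type
    ("photo.png", "image/png", SCRIPT),    # script renamed to an image extension
]

def run_samples():
    """Return the (accepted, reason) verdict for each constructed sample."""
    return [check_upload(*s)[:2] for s in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[0], sample[1], "->", verdict)
```

A leading-bytes check does not stop a file that is both a valid image and a script, so the upload directory should also be configured so the web server never executes files from it.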
Remediation
References