Description
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.
Remediation
References