Description

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.

Remediation

References

CVE-2023-45856

Related Vulnerabilities

WordPress Plugin NextScripts:Social Networks Auto-Poster Security Bypass (4.3.17)

WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.0.2)

WordPress Plugin qTranslate Cross-Site Scripting (2.5.39)

WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2019-9512)

Severity

Critical

Classification

CVE-2023-45856 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities