Known Vulnerabilities for products from Qdpm
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Qdpm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-45856 json | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uplo... | 9.8 - CRITICAL | 2023-10-14 | 2023-10-19 |
| CVE-2023-45855 json | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | 7.5 - HIGH | 2023-10-14 | 2023-10-19 |
| CVE-2022-26180 json | qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | 8.8 - HIGH | 2022-04-08 | 2022-04-14 |
| CVE-2020-26166 json | The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to ... | 5.4 - MEDIUM | 2020-10-05 | 2020-10-13 |
| CVE-2020-26165 json | qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/action... | 8.8 - HIGH | 2020-12-31 | 2021-07-21 |
| CVE-2020-19515 json | qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. | 6.1 - MEDIUM | 2021-09-09 | 2021-09-20 |
| CVE-2020-18468 json | Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the Gener... | 5.4 - MEDIUM | 2021-08-26 | 2021-08-27 |
| CVE-2020-11814 json | A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to ma... | 5.4 - MEDIUM | 2020-04-16 | 2020-04-22 |
| CVE-2020-11811 json | In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a... | 9.8 - CRITICAL | 2020-04-16 | 2020-04-22 |
| CVE-2020-7246 json | A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file ... | 8.8 - HIGH | 2020-01-21 | 2022-11-10 |
| CVE-2019-25669 json | Not Provided | 2026-04-05 | 2026-04-06 | |
| CVE-2019-8391 json | qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?type=[XSS] parameter. | 6.1 - MEDIUM | 2019-05-14 | 2019-05-15 |
| CVE-2019-8390 json | qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. | 6.1 - MEDIUM | 2019-05-14 | 2019-05-15 |
| CVE-2018-25208 json | qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by inj... | Not Provided | 2026-03-26 | 2026-04-20 |
| CVE-2015-3884 json | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) repor... | 8.8 - HIGH | 2017-03-17 | 2023-01-27 |
| CVE-2015-3883 json | Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML... | 6.1 - MEDIUM | 2017-03-17 | 2017-03-20 |
| CVE-2015-3882 json | qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which ... | 5.3 - MEDIUM | 2017-03-17 | 2017-03-20 |
| CVE-2015-3881 json | Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) ... | 7.5 - HIGH | 2017-03-17 | 2017-03-20 |
Known software with vulnerabilities from Qdpm
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Qdpm | Qdpm | 8.3 |