
Sunshineotaku

#15691 of 53,635
17.3 CVSS total
Vulnerabilities · 2
High: 1
Critical: 1
PT-2023-29733
7.5
2023-10-13
Qdpm · Qdpm · CVE-2023-45855
**Name of the Vulnerable Software and Affected Versions**
qdPM version 9.2

**Description**
The issue allows Directory Traversal, enabling the listing of files and directories by navigating to the "/uploads" URI.

**Recommendations**
For qdPM version 9.2, consider restricting access to the /uploads URI as a temporary workaround until a patch is available.
PT-2023-29734
9.8
2023-10-13
Qdpm · Qdpm · CVE-2023-45856
**Name of the Vulnerable Software and Affected Versions**
qdPM version 9.2

**Description**
The issue allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the "/uploads" URI.

**Recommendations**
For qdPM version 9.2, consider disabling the file upload feature in the Edit Project section until a patch is available. Restrict access to the /uploads URI to minimize the risk of exploitation. Avoid using the Add Attachments feature in the affected version to prevent potential remote code execution attacks.