PT-2023-29734 · Qdpm · Qdpm
Sunshineotaku
·
Publicado
2023-10-13
·
Atualizado
2023-10-19
·
CVE-2023-45856
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
qdPM version 9.2
Description
The issue allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the "/uploads" URI.
Recommendations
For qdPM version 9.2, consider disabling the file upload feature in the Edit Project section until a patch is available. Restrict access to the /uploads URI to minimize the risk of exploitation. Avoid using the Add Attachments feature in the affected version to prevent potential remote code execution attacks.
Exploit
Correção
RCE
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Qdpm