CVE-2015-3882

Name of the Vulnerable Software and Affected Versions qdPM version 8.3

Description The issue allows remote attackers to obtain sensitive information. This is achieved by providing an invalid ID value to the "index.php/users/info/id/[ID]" endpoint, which results in an error message that reveals the installation path.

Recommendations For qdPM version 8.3, consider restricting access to the "index.php/users/info/id/[ID]" endpoint until a patch is available. As a temporary workaround, avoid using invalid ID values in this endpoint to minimize the risk of exploitation.