| |
Vulnerability CVE-2015-3884
Published: 2017-03-17
| Description: |
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. |
See advisories in our WLB2 database: | Topic | Author | Date |
High |
| Rishal Dwivedi | 29.09.2022 |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.5/10 |
6.4/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://rossmarks.uk/portfolio.php
http://rossmarks.uk/whitepapers/qdPM_8.3.txt
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
