File Upload Vulnerability in qdPM Project Management Software by QdPM
CVE-2020-26166

5.4MEDIUM

Key Information:

Vendor

Qdpm

Status
Qdpm
Vendor
CVE Published:
5 October 2020

What is CVE-2020-26166?

The file upload feature in qdPM version 9.1 is prone to a vulnerability that does not properly validate the file description. This oversight allows remote authenticated attackers to inject malicious web scripts or HTML code through the attachments info parameter while creating a ticket, project, or task. Successful exploitation of this vulnerability could lead to unauthorized actions on behalf of the user, potentially compromising the security of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://qdpm.net/qdpm-release-notes-free-project-management
x_refsource_MISC
https://sourceforge.net/projects/qdpm/
x_refsource_MISC
https://github.com/Kajmer/CVEs/blob/main/CVE-2020-26166.md
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.