File Upload Vulnerability in QaTraq by Qatraq
CVE-2025-63748
Currently unrated
What is CVE-2025-63748?
QaTraq 6.9.2 contains a critical flaw that allows authenticated users to upload arbitrary files via the 'Add Attachment' functionality within the 'Test Script' module. This vulnerability arises from insufficient restrictions on file types, permitting the upload of executable PHP files. Once these PHP files are uploaded, they can be executed on the server through the 'View Attachment' option, leading to potential compromise of the system and unauthorized access. Proper validation and security measures should be implemented to mitigate this risk.
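One way to close both halves of the issue described above (the unrestricted 'Add Attachment' upload and the executing 'View Attachment' path) is sketched below. This is an added example, not QaTraq's code: the function names, the storage directory and the allowlist are assumptions chosen for illustration.

```php
<?php
// Added example, not QaTraq code. Names, paths and the allowlist are assumptions.
const ATTACH_DIR = '/var/lib/app-attachments';   // assumed location outside the web root
const ALLOWED = [                                 // extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
    'txt' => 'text/plain',
];

// Validate one $_FILES entry and store it under a server-generated name.
function store_attachment(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Only the final extension counts; anything off the allowlist (.php, .phtml, ...) is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Derive the content type from the bytes, not from the client-supplied $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Random stored name: the user-supplied name never reaches the filesystem.
    $id = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], ATTACH_DIR . "/$id.$ext")) {
        throw new RuntimeException('could not store file');
    }
    return "$id.$ext";
}

// Stream a stored attachment as a download; the file is read, never included or executed.
function send_attachment(string $stored): void
{
    $ok = preg_match('/\A[0-9a-f]{32}\.([a-z0-9]+)\z/', $stored, $m);
    $path = ATTACH_DIR . '/' . $stored;
    if (!$ok || !array_key_exists($m[1], ALLOWED) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . ALLOWED[$m[1]]);
    header('Content-Disposition: attachment; filename="' . $stored . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

Keeping the storage directory outside the web root matters as much as the type checks: a file that slips past validation is still only ever read back by `readfile()`, not handed to the PHP interpreter.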
