CVE-2020-7246 – qdPM / qdPM – Unrestricted file upload
CVE-2020-7246 is an unrestricted file upload vulnerability impacting qdPM versions 9.1 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. This vulnerability exists because of an incomplete fix for CVE-2015-3884.
PoC Links (if available):
Packet Storm exploit –
https://packetstormsecurity.com/files/156571/qdPM-Remote-Code-Execution.html
Known Counter Measures:
qdPM addressed the vulnerability in qdPM version 9.2.
Links to patches (if available):
https://qdpm.net/download-qdpm-free-project-management