cve/CVE-2015-3884.md at 4024663e83c70ac127726b49919178f8121c5338

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.

POC

Reference

http://packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.html

Github

https://github.com/0xT11/CVE-POC
https://github.com/ARPSyndicate/cvemon
https://github.com/Live-Hack-CVE/CVE-2015-3884
https://github.com/Live-Hack-CVE/CVE-2020-7246
https://github.com/TobinShields/qdPM9.1_Exploit
https://github.com/developer3000S/PoC-in-GitHub
https://github.com/hectorgie/PoC-in-GitHub
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/soosmile/POC

1.2 KiB Raw Blame History

CVE-2015-3884

Description

POC

Reference

Github

1.2 KiB

Raw Blame History