mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
837 B
CVE-2020-11811
Description
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
POC
Reference
- https://fatihhcelik.blogspot.com/2020/01/qdpm-web-based-project-management.html
Github
No PoCs found on GitHub currently.