CVE-2020-7246 – qdPM / qdPM – Unrestricted file upload

Summary:

CVE-2020-7246 is an unrestricted file upload vulnerability impacting qdPM versions 9.1 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. This vulnerability exists because of an incomplete fix for CVE-2015-3884.

PoC Links (if available):

Packet Storm exploit –
https://packetstormsecurity.com/files/156571/qdPM-Remote-Code-Execution.html

Known Counter Measures:

qdPM addressed the vulnerability in qdPM version 9.2.

Links to patches (if available):

https://qdpm.net/download-qdpm-free-project-management