In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-16T16:24:11
Updated: 2024-08-04T11:42:00.533Z
Reserved: 2020-04-16T00:00:00
Link: CVE-2020-11811
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-16T19:15:27.073
Modified: 2020-04-22T19:19:02.830
Link: CVE-2020-11811
Redhat
No data.