Security Advisory

CVE-2020-7246

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-21 13:02:35

Last updated 2024-08-04 09:25:48

Assigner mitre

State PUBLISHED

Description

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users[photop_preview] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

← Browse all CVEs View on cve.org ↗