Vulnerabilities > Qdpm > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-14 | CVE-2023-45856 | Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.2 qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. | 9.8 |
| 2020-04-16 | CVE-2020-11811 | Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.1 In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. | 10.0 |