Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2020-7246
HistoryJan 21, 2020 - 2:15 p.m.

Path traversal

2020-01-2114:15:00
PRIOn knowledge base
www.prio-n.com
8

9.2 High

AI Score

Confidence

High

0.969 High

EPSS

Percentile

99.7%

JSON

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users[‘photop_preview’] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

CPENameOperatorVersion
qdpmle9.1

Related

cve 2
zdt 4
attackerkb 1
nvd 2
packetstorm 4
cvelist 2
prion 1
metasploit 1
exploitpack 2
checkpoint_advisories 1
exploitdb 4
rapid7blog 1
cve
cve
CVE-2020-7246
2020-01-21 14:15:13
CVE-2015-3884
2017-03-17 14:59:00
zdt
zdt
qdPM 9.1 Authenticated Shell Upload Exploit
2022-09-29 00:00:00
qdPM < 9.1 - Remote Code Execution Exploit
2020-02-29 00:00:00
qdPM 9.1 - Remote Code Execution (Authenticated) Exploit
2022-05-26 00:00:00
attackerkb
attackerkb
CVE-2020-7246
2020-01-21 00:00:00
nvd
nvd
CVE-2020-7246
2020-01-21 14:15:13
CVE-2015-3884
2017-03-17 14:59:00
packetstorm
packetstorm
qdPM 9.1 Authenticated Shell Upload
2022-09-29 00:00:00
qdPM 9.1 Remote Code Execution
2022-05-26 00:00:00
qdPM 9.1 Remote Code Execution
2020-01-23 00:00:00
cvelist
cvelist
CVE-2020-7246
2020-01-21 13:02:35
CVE-2015-3884
2017-03-17 14:00:00
prion
prion
Unrestricted file upload
2017-03-17 14:59:00
metasploit
metasploit
qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)
2022-06-13 15:41:34
exploitpack
exploitpack
qdPM 9.1 - Remote Code Execution
2020-02-28 00:00:00
qdPM 9.1 - Remote Code Execution
2020-01-23 00:00:00
checkpoint_advisories
checkpoint_advisories
qdPM Remote Code Execution (CVE-2020-7246)
2020-03-25 00:00:00
exploitdb
exploitdb
qdPM 9.1 - Remote Code Execution (Authenticated)
2021-08-04 00:00:00
qdPM 9.1 - Remote Code Execution
2020-01-23 00:00:00
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)
2022-05-25 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-09-30 18:47:25

9.2 High

AI Score

Confidence

High

0.969 High

EPSS

Percentile

99.7%

JSON
Related for PRION:CVE-2020-7246
cve2zdt4attackerkb1nvd2packetstorm4cvelist2prion1metasploit1exploitpack2checkpoint_advisories1exploitdb4rapid7blog1