CVE-2020-7246

EPSS 83.2%

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.

Affected products

n/a · n/a

public PoCs found — 11

githubgithub.com/pswalia2u/CVE-2020-7246★ 1 githubgithub.com/arafatansari/SecAssignment★ 0 githubgithub.com/j0hn30n/CVE-2020-7246★ 0 cve_referencepacketstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.htmlunverified exploitdbwww.exploit-db.com/exploits/48146unverified exploitdbwww.exploit-db.com/exploits/47954unverified exploitdbwww.exploit-db.com/exploits/50175unverified cve_referencepacketstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/50944unverified cve_referencepacketstormsecurity.com/files/156571/qdPM-Remote-Code-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/167264/qdPM-9.1-Remote-Code-Execution.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html http://packetstormsecurity.com/files/156571/qdPM-Remote-Code-Execution.html http://packetstormsecurity.com/files/167264/qdPM-9.1-Remote-Code-Execution.html http://packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.html https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing