Description qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. Remediation References CVE-2023-45855 Related Vulnerabilities Drupal Core 7.x Cross-Site Scripting (7.0 - 7.64) IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1688) Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-4785) Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0455) WordPress Plugin Ruven Toolkit Cross-Site Scripting (1.1) Severity High Classification CVE-2023-45855 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Tags Missing Update Known Vulnerabilities