Description
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
Remediation
References
Related Vulnerabilities
Jboss EAP CVE-2011-1483 Vulnerability (CVE-2011-1483)
WordPress Plugin Visual Form Builder Cross-Site Scripting (3.0.3)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.36)
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000391)
ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003)