High severity8.8NVD Advisory· Published Mar 17, 2017· Updated May 13, 2026

CVE-2015-3884

Description

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.

Affected products

Qdpm/Qdpm
cpe:2.3:a:qdpm:qdpm:*:*:*:*:*:*:*:*
Range: <=9.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/168559/qdPM-9.1-Authenticated-Shell-Upload.htmlnvdExploitThird Party AdvisoryVDB Entry
rossmarks.uk/whitepapers/qdPM_8.3.txtnvdExploitThird Party Advisory
rossmarks.uk/portfolio.phpnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.058
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000