Qatraq
by Qatraq
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63747 | 0.00 | — | 0.00 | Nov 17, 2025 | QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the… | |||
| CVE-2025-63748 | 0.00 | — | 0.00 | Nov 17, 2025 | QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View… | |||
| CVE-2006-3312 | 0.00 | — | 0.04 | Jun 29, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list… |
- CVE-2025-63747Nov 17, 2025risk 0.00cvss —epss 0.00
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative privileges in the default configuration, an attacker who can reach the…
- CVE-2025-63748Nov 17, 2025risk 0.00cvss —epss 0.00
QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View…
- CVE-2006-3312Jun 29, 2006risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list…