CVSS 3.1 Score 9.8 of 10 (high)


Published Oct 14, 2023
Updated: Oct 19, 2023
CWE ID 434


CVE-2023-45856 is a critical vulnerability in qdPM 9.2, which allows remote code execution by uploading a .php file through the Add Attachments feature of Edit Project to the /uploads URI. This vulnerability affects the j6GoP- product. To remediate this issue, users should apply the latest security patches or updates provided by qdPM. The potential danger this vulnerability poses to organizations is high, as it can lead to unauthorized execution of arbitrary code on the affected system, potentially resulting in data breaches, unauthorized access, and disruption of services.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45856 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options