Description

qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter_by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter_by[CommentCreatedFrom] and filter_by[CommentCreatedTo] parameters to execute arbitrary SQL queries and retrieve sensitive data.

INFO

Published Date :

2026-03-26T11:39:54.728Z

Last Modified :

2026-03-26T18:35:47.179Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2018-25208 vulnerability.

Vendors Products
Qdpm
  • Qdpm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2018-25208.

URL Resource
http://qdpm.net cve-icon cve-icon
http://qdpm.net/download-qdpm-free-project-management cve-icon cve-icon
https://www.exploit-db.com/exploits/45767 cve-icon cve-icon
https://www.vulncheck.com/advisories/qdpm-sql-injection-via-filter-by-parameters cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact