


Perceptive Security
SOC/SIEM Consultancy

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] …
Published:
4 April 2026 at 22:00:00
Alert date:
5 April 2026 at 22:09:04
Source:
nvd.nist.gov
Web Technologies, Database & Storage
qdPM version 9.1 contains a SQL injection vulnerability in the search_by_extrafields[] parameter that allows attackers to manipulate database queries. Attackers can exploit this by sending malicious POST requests to the users endpoint, potentially triggering SQL syntax errors and extracting sensitive database information. The vulnerability affects the search functionality and can lead to unauthorized database access.
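The request pattern described above can be hunted for in logged POST bodies. The following detection sketch is an added example, not code from qdPM, NVD or Perceptive. It assumes that legitimate search_by_extrafields[] values are numeric extra-field ids; the paths, the `/users` path hint and the sample records are constructed.

```python
import re
from urllib.parse import parse_qsl

# Parameter named in the advisory; also matches indexed forms such as [0].
PARAM_RE = re.compile(r"search_by_extrafields\[[0-9]*\]")
# Assumption: legitimate values are plain numeric extra-field ids.
SAFE_VALUE_RE = re.compile(r"[0-9]+")

# Constructed sample records (method, path, form-encoded body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/index.php/users", "search[keywords]=alice&search_by_extrafields[]=3"),
    ("POST", "/index.php/users", "search[keywords]=a&search_by_extrafields%5B%5D=1%27"),
    ("GET", "/index.php/users", ""),
    ("POST", "/index.php/tasks", "search_by_extrafields[]=2"),
    ("POST", "/index.php/users", "search_by_extrafields[]=2&search_by_extrafields[]=x+y"),
]

def suspicious_values(body):
    """Return decoded search_by_extrafields values that are not plain integers."""
    hits = []
    # parse_qsl URL-decodes keys and values, so %5B%5D and %27 are normalised.
    for key, value in parse_qsl(body, keep_blank_values=True):
        if PARAM_RE.fullmatch(key) and not SAFE_VALUE_RE.fullmatch(value):
            hits.append(value)
    return hits

def flag_requests(requests, path_hint="/users"):
    """Return (index, path, values) for POSTs to the users endpoint with odd values."""
    alerts = []
    for i, (method, path, body) in enumerate(requests):
        # path_hint is an assumed marker for the users endpoint; adjust per deployment.
        if method.upper() != "POST" or path_hint not in path:
            continue
        values = suspicious_values(body)
        if values:
            alerts.append((i, path, values))
    return alerts

if __name__ == "__main__":
    for idx, path, values in flag_requests(SAMPLE_REQUESTS):
        print(f"record {idx}: POST {path} non-numeric extra-field values: {values!r}")
```

An allowlist on the expected value format catches quote characters, whitespace and encoded variants alike, which a blocklist of SQL keywords would miss.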
Technical details
Affected products:
qdPM 9.1
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2019-25669
http://qdpm.net
http://qdpm.net/download-qdpm-free-project-management
https://www.exploit-db.com/exploits/46387
https://www.vulncheck.com/advisories/qdpm-sql-injection-via-search-by-extrafields-parameter
This article was created with the assistance of AI technology by Perceptive.
