{"vulnerability": "CVE-2020-7246", "sightings": [{"uuid": "d64f1bd3-d4cb-4d5f-8015-3d36d4dd4dc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50175", "content": "", "creation_timestamp": "2021-08-04T00:00:00.000000Z"}, {"uuid": "1d3d5a3d-ee4a-4c6d-89ae-cd93c1b7b5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "seen", "source": "MISP/c17980db-94cf-418e-b537-33abfc6e76c0", "content": "", "creation_timestamp": "2024-11-14T06:09:42.000000Z"}, {"uuid": "7b529fa1-ad9f-4139-83cf-73e6e1625a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50944", "content": "", "creation_timestamp": "2022-05-25T00:00:00.000000Z"}, {"uuid": "4136eb1d-9dde-4fe7-b9c3-4194bc2c4266", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "811f95af-3554-4e71-9f19-bcfe9c99bc13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:30.000000Z"}, {"uuid": "1ebe84ae-bc9c-45b9-8576-c557de5932a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/qdpm_authenticated_rce.rb", "content": "", "creation_timestamp": "2022-09-29T15:10:30.000000Z"}, {"uuid": "9024b4c5-3be4-48c7-8d86-b24517ea67e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7246", "type": "seen", "source": "https://t.me/cveNotify/369", "content": "\ud83d\udea8 CVE-2020-7246\nA remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-21T17:37:37.000000Z"}]}