{"vulnerability": "cve-2015-3884", "sightings": [{"uuid": "30a3b230-41f6-42c4-81b6-29b7f19f3a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-3884", "type": "seen", "source": "MISP/62d08503-39ee-4ff6-bd11-b87c63bb5ae4", "content": "", "creation_timestamp": "2024-11-14T06:09:43.000000Z"}, {"uuid": "dd6d57ea-85e8-4a02-b342-d05c399004ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-3884", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:42.000000Z"}, {"uuid": "39340c1c-23c8-4d2c-a923-6cf1ba938915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-3884", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/qdpm_upload_exec.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "ef864490-82a2-4509-a1fc-3a6d740df204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-3884", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:40.000000Z"}, {"uuid": "5279724c-0c61-4496-a65c-80db07af041c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2015-3884", "type": "seen", "source": "https://t.me/cveNotify/369", "content": "\ud83d\udea8 CVE-2020-7246\nA remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2020-01-21T17:37:37.000000Z"}]}