Aggregates CVE and security vulnerability intelligence across all qto-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk input validation, vendor risk path handling, and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact unexpected behavior.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-2110 | Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | [email protected] | 7.5 | 3.01% | 2008-05-07 | 2026-04-23 |
| CVE-2006-3406 | Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter. | [email protected] | 6.4 | 0.20% | 2006-07-07 | 2026-04-16 |
| CVE-2006-3405 | Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. | [email protected] | 5.8 | 0.42% | 2006-07-07 | 2026-04-16 |
| CVE-2006-3132 | Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php. | [email protected] | 5.8 | 0.62% | 2006-06-22 | 2026-04-16 |