Projeqtor

15 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.18%
  • Published 27.04.2026 15:11:37
  • Last modified 27.04.2026 18:35:53

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML fi...

Exploit
  • EPSS 0.18%
  • Published 27.04.2026 15:11:12
  • Last modified 27.04.2026 18:35:53

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsaniti...

Exploit
  • EPSS 0.54%
  • Published 27.04.2026 15:10:48
  • Last modified 26.05.2026 14:16:36

ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated ...

Exploit
  • EPSS 0.3%
  • Published 27.04.2026 15:10:24
  • Last modified 27.04.2026 18:35:53

ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password ha...

Exploit
  • EPSS 1.08%
  • Published 27.04.2026 15:09:54
  • Last modified 27.04.2026 18:36:19

ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting Z...

Exploit
  • EPSS 0.56%
  • Published 27.04.2026 15:08:35
  • Last modified 27.04.2026 18:36:19

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject ...

  • EPSS 0.3%
  • Published 03.04.2025 17:15:32
  • Last modified 15.04.2026 00:35:42

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted uplo...

Exploit
  • EPSS 0.39%
  • Published 04.04.2024 20:15:08
  • Last modified 11.04.2025 13:48:17

projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.

Exploit
  • EPSS 1.24%
  • Published 04.04.2024 20:15:08
  • Last modified 11.04.2025 13:47:11

projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.

Exploit
  • EPSS 0.54%
  • Published 20.02.2024 21:15:07
  • Last modified 25.04.2025 20:42:56

Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.