Lucene search
K

10 matches found

CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

ProjeQtOr 路径遍历漏洞

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain a path traversal vulnerability. This vulnerability stems from the lack of validation of the directory traversal sequence in the logname parameter of the...

7.1CVSS5.8AI score0.00541EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35445

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers ca...

5.4CVSS4.9AI score0.00184EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:37 p.m.10 views

CVE-2023-49034

Cross Site Scripting XSS vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files...

6.1CVSS6.3AI score0.00538EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-9640

Malicious code in bioql PyPI...

5CVSS5.4AI score0.00323EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:8 a.m.9 views

CVE-2024-29387

projeqtor up to 11.2.0 was discovered to contain a remote code execution RCE vulnerability via the component /view/print.php...

8.8CVSS8.4AI score0.01236EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:26 a.m.7 views

CVE-2017-11760

uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...

8.8CVSS7.6AI score0.0128EPSS
Exploits0References1
CVE
CVE
added 2025/04/03 5:0 p.m.56 views

CVE-2025-3169

CVE-2025-3169 affects Projeqtor up to 12.0.2. The vulnerability resides in the file /tool/saveAttachment.php where manipulating the attachmentFiles parameter enables unrestricted uploads. It can be triggered remotely, with attack complexity rated as high; exploitation is known to be difficult and...

5CVSS7AI score0.00323EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/03 5:0 p.m.15 views

CVE-2025-3169 Projeqtor saveAttachment.php unrestricted upload

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The...

5CVSS0.00323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.6 views

PT-2025-14780 · Projeqtor · Projeqtor

Name of the Vulnerable Software and Affected Versions: Projeqtor versions up to 12.0.2 Description: A critical issue affects some unknown functionality of the file /tool/saveAttachment.php, where the manipulation of the attachmentFiles argument leads to unrestricted upload. The attack can be...

5CVSS5.1AI score0.00323EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.5 views

PT-2024-22875 · Projeqtor · Projeqtor

Name of the Vulnerable Software and Affected Versions: projeqtor versions up to 11.2.0 Description: The issue is related to a SQL injection vulnerability via the component /view/criticalResourceExport.php. This vulnerability allows for potential exploitation. Recommendations: For versions up to...

5.4CVSS7.4AI score0.00393EPSS
Exploits1References4
Rows per page
Query Builder