10 matches found
ProjeQtOr 路径遍历漏洞
ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain a path traversal vulnerability. This vulnerability stems from the lack of validation of the directory traversal sequence in the logname parameter of the...
PT-2026-35445
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers ca...
CVE-2023-49034
Cross Site Scripting XSS vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files...
EUVD-2025-9640
Malicious code in bioql PyPI...
CVE-2024-29387
projeqtor up to 11.2.0 was discovered to contain a remote code execution RCE vulnerability via the component /view/print.php...
CVE-2017-11760
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...
CVE-2025-3169
CVE-2025-3169 affects Projeqtor up to 12.0.2. The vulnerability resides in the file /tool/saveAttachment.php where manipulating the attachmentFiles parameter enables unrestricted uploads. It can be triggered remotely, with attack complexity rated as high; exploitation is known to be difficult and...
CVE-2025-3169 Projeqtor saveAttachment.php unrestricted upload
A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The...
PT-2025-14780 · Projeqtor · Projeqtor
Name of the Vulnerable Software and Affected Versions: Projeqtor versions up to 12.0.2 Description: A critical issue affects some unknown functionality of the file /tool/saveAttachment.php, where the manipulation of the attachmentFiles argument leads to unrestricted upload. The attack can be...
PT-2024-22875 · Projeqtor · Projeqtor
Name of the Vulnerable Software and Affected Versions: projeqtor versions up to 11.2.0 Description: The issue is related to a SQL injection vulnerability via the component /view/criticalResourceExport.php. This vulnerability allows for potential exploitation. Recommendations: For versions up to...