4 matches found
CVE-2018-18924
ProjeQtOr Project Management Tool (PMT) 7.2.5 and earlier is vulnerable to remote code execution via image-upload. An attacker can upload a .shtml file containing a #exec cmd payload; rejected uploads remain on the server with predictable filenames after the erroneous image check message, enablin...
CVE-2018-18924
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message...
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Date: 2018-10-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Date: 2018-10-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...