5 matches found
CVE-2026-41464
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-41464
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-41464
ProjeQtor versions 7.0–12.4.3 expose a missing authorization vulnerability in objectDetail.php. Authenticated users with guest-level privileges can access data belonging to other users (including password hashes and API keys) by directly hitting the endpoint without ownership or RBAC validation, ...
CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...
CVE-2026-41464 ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php
ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive data belonging to other users including password hashes and API keys. Attackers can bypass access...