Projeqtor

projeqtor

8 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-29387 1Projeqtor 1Projeqtor Apr 11, 2025 Apr 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.
CVE-2024-29386 1Projeqtor 1Projeqtor Apr 11, 2025 Apr 4, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.
CVE-2023-49034 1Projeqtor 1Projeqtor Apr 25, 2025 Feb 20, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files.
CVE-2021-42940 1Projeqtor 1Projeqtor Nov 21, 2024 Feb 11, 2022 N/A· v4 9.9 CRITICAL· v3 3.5 LOW· v2 A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
CVE-2018-18924 1Projeqtor 1Projeqtor Nov 21, 2024 Nov 4, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "...Show more The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.Show less
CVE-2017-11760 1Projeqtor 1Projeqtor May 13, 2026 Jul 31, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an i...Show more uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.Show less
CVE-2013-6164 1Projeqtor 1Projeqtor Apr 29, 2026 Nov 14, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
CVE-2013-6163 1Projeqtor 1Projeqtor Apr 29, 2026 Nov 14, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2)...Show more Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.Show less