Vulnerabilities > Projeqtor

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-42940 Cross-site Scripting vulnerability in Projeqtor
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
network
projeqtor CWE-79
3.5
2018-11-04 CVE-2018-18924 Incomplete Cleanup vulnerability in Projeqtor
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
network
low complexity
projeqtor CWE-459
6.5
2017-07-31 CVE-2017-11760 Code Injection vulnerability in Projeqtor
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.
network
low complexity
projeqtor CWE-94
6.5
2013-11-14 CVE-2013-6164 SQL Injection vulnerability in Projeqtor 3.4.0
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
network
low complexity
projeqtor CWE-89
7.5
2013-11-14 CVE-2013-6163 Cross-Site Scripting vulnerability in Projeqtor
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.
network
projeqtor CWE-79
4.3