MidnightBSD

Advisories for projeqtor

CVE-2013-6163 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
projeqtor projeqtor 1.5.5
projeqtor projeqtor 3.1.4
projeqtor projeqtor 1.6.2
projeqtor projeqtor 2.2.3
projeqtor projeqtor 3.1.1
projeqtor projeqtor 0.8.1
projeqtor projeqtor 3.2.1
projeqtor projeqtor 0.4.0
projeqtor projeqtor 1.9.0
projeqtor projeqtor 3.1.2
projeqtor projeqtor 1.4.0
projeqtor projeqtor 3.4.1
projeqtor projeqtor 1.4.1
projeqtor projeqtor 1.5.1
projeqtor projeqtor 0.2.0
projeqtor projeqtor 1.3.1
projeqtor projeqtor 0.5.0
projeqtor projeqtor 3.0.1
projeqtor projeqtor 0.7.0
projeqtor projeqtor 1.7.0
projeqtor projeqtor 0.9.0
projeqtor projeqtor 3.1.0
projeqtor projeqtor 3.4.0
projeqtor projeqtor 2.4.2
projeqtor projeqtor 2.1.0
projeqtor projeqtor 3.4.3
projeqtor projeqtor 1.0.1
projeqtor projeqtor 0.3.0
projeqtor projeqtor 2.5.2
projeqtor projeqtor 3.2.2
projeqtor projeqtor 3.3.0
projeqtor projeqtor 2.6.2
projeqtor projeqtor 3.0.2
projeqtor projeqtor 3.3.2
projeqtor projeqtor *
projeqtor projeqtor 2.6.0
projeqtor projeqtor 3.4.2
projeqtor projeqtor 0.8.0
projeqtor projeqtor 1.4.2
projeqtor projeqtor 1.7.1
projeqtor projeqtor 1.7.2
projeqtor projeqtor 2.2.0
projeqtor projeqtor 2.5.3
projeqtor projeqtor 1.8.0
projeqtor projeqtor 1.5.3
projeqtor projeqtor 1.8.3
projeqtor projeqtor 2.2.1
projeqtor projeqtor 2.1.1
projeqtor projeqtor 1.2.1
projeqtor projeqtor 1.1.0
projeqtor projeqtor 1.9.1
projeqtor projeqtor 0.6.1
projeqtor projeqtor 1.6.1
projeqtor projeqtor 2.2.2
projeqtor projeqtor 2.6.3
projeqtor projeqtor 1.5.0
projeqtor projeqtor 1.5.2
projeqtor projeqtor 1.5.4
projeqtor projeqtor 3.3.1
projeqtor projeqtor 2.5.0
projeqtor projeqtor 3.2.0
projeqtor projeqtor 2.4.1
projeqtor projeqtor 0.1.0
projeqtor projeqtor 2.0.0
projeqtor projeqtor 3.1.3
projeqtor projeqtor 2.4.0
projeqtor projeqtor 1.0.0
projeqtor projeqtor 1.2.0
projeqtor projeqtor 2.6.1
projeqtor projeqtor 1.8.2
projeqtor projeqtor 1.3.0
projeqtor projeqtor 1.6.0
projeqtor projeqtor 2.0.1
projeqtor projeqtor 2.5.1
projeqtor projeqtor 2.3.0
projeqtor projeqtor 1.8.1
projeqtor projeqtor 2.4.3
projeqtor projeqtor 0.6.0
projeqtor projeqtor 3.0.0
CVE-2013-6164 HIGH

SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
projeqtor projeqtor 3.4.0
CVE-2017-11760 MEDIUM

uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
projeqtor projeqtor *
CVE-2018-18924 MEDIUM

The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-459,

Products Affected

Vendor Product Version
projeqtor projeqtor *
CVE-2021-42940 LOW

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
projeqtor projeqtor *
CVE-2023-49034

Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files.

Products Affected

Vendor Product Version
projeqtor projeqtor *