24 vulnerabilities found for projeqtor by projeqtor
FKIE_CVE-2024-29387
Vulnerability from fkie_nvd - Published: 2024-04-04 20:15 - Updated: 2025-04-11 13:47
Summary
projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/ | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBAF4BC-C161-4E4A-8E09-BE959F2EC2F4",
"versionEndIncluding": "11.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que projeqtor hasta la versi\u00f3n 11.2.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del componente /view/print.php."
}
],
"id": "CVE-2024-29387",
"lastModified": "2025-04-11T13:47:11.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-04T20:15:08.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-29386
Vulnerability from fkie_nvd - Published: 2024-04-04 20:15 - Updated: 2025-04-11 13:48
Summary
projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/ | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBAF4BC-C161-4E4A-8E09-BE959F2EC2F4",
"versionEndIncluding": "11.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que projeqtor hasta 11.2.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /view/criticalResourceExport.php."
}
],
"id": "CVE-2024-29386",
"lastModified": "2025-04-11T13:48:17.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-04T20:15:08.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-49034
Vulnerability from fkie_nvd - Published: 2024-02-20 21:15 - Updated: 2025-04-25 20:42
Summary
Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E092CD2-118F-4013-B2C7-8690927AE3E7",
"versionEndIncluding": "11.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en ProjeQtOr 11.0.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n checkvalidHtmlText en los archivos ack.php y security.php."
}
],
"id": "CVE-2023-49034",
"lastModified": "2025-04-25T20:42:56.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-20T21:15:07.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-42940
Vulnerability from fkie_nvd - Published: 2022-02-11 16:15 - Updated: 2024-11-21 06:28
Summary
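A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code. Note that the two scores in this record disagree: the CVSS v2 entry rates it 3.5 (Low) with user interaction required, while the CVSS v3.1 entry rates it 9.9 (Critical) with no user interaction and high confidentiality, integrity and availability impact, which is unusual for an issue classified as CWE-79. Confirm the actual impact against the referenced advisory before prioritising on the 9.9 figure alone.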
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940 | Exploit, Third Party Advisory |
| cve@mitre.org | https://www.projeqtor.org/en/ | Product, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.projeqtor.org/en/ | Product, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37BC1AF1-4CB8-4D8F-9668-5F1AED975310",
"versionEndIncluding": "9.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Projeqtor versi\u00f3n 9.3.1, por medio del archivo /projeqtor/tool/saveAttachment.php, que permite a un atacante cargar un archivo SVG que contenga c\u00f3digo JavaScript malicioso"
}
],
"id": "CVE-2021-42940",
"lastModified": "2024-11-21T06:28:18.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T16:15:08.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.projeqtor.org/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.projeqtor.org/en/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18924
Vulnerability from fkie_nvd - Published: 2018-11-04 05:29 - Updated: 2024-11-21 03:56
Summary
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html | Exploit, Third Party Advisory |
| cve@mitre.org | https://www.exploit-db.com/exploits/45680/ | Exploit, Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45680/ | Exploit, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB23615-3F92-41D5-911E-9FD4F1B4725D",
"versionEndIncluding": "7.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
},
{
"lang": "es",
"value": "La caracter\u00edstica de subida de im\u00e1genes en ProjeQtOr 7.2.5 permite que atacantes remotos ejecuten c\u00f3digo arbitrario subiendo un archivo .shtml con \"#exec cmd\" debido a que los archivos rechazados se mantienen en el servidor con nombres predecibles tras un mensaje de error \"This file is not a valid image\"."
}
],
"id": "CVE-2018-18924",
"lastModified": "2024-11-21T03:56:52.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-04T05:29:00.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45680/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-11760
Vulnerability from fkie_nvd - Published: 2017-07-31 17:29 - Updated: 2025-04-20 01:37
Summary
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AEAB52-B926-4A90-9692-FF6756F4D466",
"versionEndIncluding": "6.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
},
{
"lang": "es",
"value": "El archivo uploadImage.php en ProjeQtOr anterior a la versi\u00f3n 6.3.2, permite a los usuarios autenticados remotos ejecutar c\u00f3digo PHP arbitrario mediante la carga de un archivo .php compuesto de datos de imagen concatenados y datos de script, como es demostrado por la carga de una imagen dentro del \u00e1rea de texto de descripci\u00f3n."
}
],
"id": "CVE-2017-11760",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-31T17:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6163
Vulnerability from fkie_nvd - Published: 2013-11-14 20:55 - Updated: 2025-04-11 00:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0664AE-D442-4F86-8367-FE421EF23173",
"versionEndIncluding": "3.4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C00B162-F213-4E62-92EE-0069A4447B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C75527B9-9F07-4B4B-8AE4-14ABD2C53C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F14C7F4-5AD8-4656-8B13-EDE89B2F45DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B99FB5B1-5EB1-4904-8BCC-DFE48F0BF7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "008727BB-D424-4EFC-8AE4-B939B6E49B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7600117D-444B-4C05-B677-D7683227FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41EC660D-68D9-4932-AEE8-C38D7125EF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E89D7DB8-8F4F-4F74-9F41-6FE86C9F8973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7EDFC2-8D81-4691-BACE-7FD0C1B1F81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B87EDED8-A097-4B44-8739-0428CB1836FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "651F5329-9FAB-4023-8D86-B06D6BBD76B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "814976F7-CB2F-47D8-BED4-A379CFF84EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E801FA1-37F3-4185-AB46-358549D0C098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0433677-7E30-448A-91F0-9CF5B998DCD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC400B1-222F-493D-B7EA-18DF7F72B2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88092438-FBF3-49DB-A5FA-9BCEB34AE5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E59EF4E0-8EB6-4EDF-8474-EA3EAF285ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6830D9A6-2BB1-4AA8-90EC-759074ACEDD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C3013E-7F67-482A-9DD7-C218D6E758A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3615DFE1-422E-4E13-8F1B-E901FAB1646D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "621C5FC9-E163-4C5C-82E8-962FC4CF20F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7208BE-ED3D-40B5-B336-04ED6456C8AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A367740-DAC9-43E0-BA4D-419D77A32DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085DBB27-DD11-4F83-B019-15568FBA2F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1E1AB94-FF0A-4D65-9792-16AD72D1BF28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4A614403-E765-4455-BBC3-90E6AC621FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "224D56C7-23EA-43BF-A122-DBE8A2687EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BF1C83-74F6-4314-B69F-490C23C24916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7632A05-3083-44A1-88F9-62974166A6BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF41999E-E37C-4EB3-9E13-03D81DB96895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "306BE72B-E9B8-4EF6-A46A-17F76C08B617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8376DFF-3812-4F91-97D0-6325B247DCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9296CFD4-7519-4E1F-85AD-E9B926A7F55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "065E1E02-CA22-4D2A-A5EA-05E7E4690D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "144ACA04-BB80-467F-B0FC-E02DB82374BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4D52B4-73D0-41B7-8DFA-627C877FE837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52B0BEB6-B810-44B7-B6F6-9F7420293A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "652E7A16-D5E1-49B6-A03C-AE6C9E0E6DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BFFF97-87E5-4C27-A7CB-369A26848BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1B9A2F-273E-4630-BF1A-4926AD49646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1259DD-C0A8-4906-9E6B-24434B95E449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA13BE3-7DCC-4259-8C68-8D4BDEED8849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA3938C-514F-4488-88B4-631C20D17141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AC024B-7ABF-4388-9276-F64BFEAA51F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "426A8738-05E4-4D66-B71F-36576EF1EBD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70456997-69B3-4477-9D6E-EDDD01DDF863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8177D46-509D-4F1A-8B93-28C3FF117AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0DA2284-C4F9-4B12-9E85-9C9EAD6C2B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "286754AE-A256-4C48-8338-A86EC58A50C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5FEA35-B295-4447-89DC-8DA98028F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5CD7D3-DDF9-4822-A763-1EA7D09D19E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CBDC87E-BDB6-482C-9FAF-1EC9678A0860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB504EE-3B21-4C27-90B4-59CD08CF0CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DA853C-1635-4636-A802-C55D7062F386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A70EA765-F56A-48FD-B065-B7CFEB598A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66D22EF6-3977-46BB-AACA-2643592A5C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD51726-B37F-4DF7-B989-E5136749A7B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D3AD9A-E8BB-41BC-86CA-FFBA33D83B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAB3A47-9F63-4BBA-B700-A9E1E44D0F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4B60B71-6317-491C-85CE-0A6F86F6DDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97A27407-4A96-44C3-AB0D-E533162BCDF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532F8BE3-1DD9-498D-9698-DCCF00C65518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE6C3AF-3BEA-4B98-B8F6-E517510289DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39781C80-1646-49F6-B121-5664F0EC5A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA8E1F-7318-453A-B86D-69B3E1542F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A46A9511-67E1-4741-8B81-AE2979376CC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E18975-6E3B-496A-BE27-0974FE42E84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB87FE9-EC26-4659-AC9C-65282E2EF117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "565D18DF-B8FD-4EB0-8C1B-63B64623A82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB19070-47B2-4EFF-AD8C-27F6D14313A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC78F5-F07A-4F05-A26A-3E194D9B73E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D48F8E7D-E143-45F0-A401-7FF0E4606F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D86662A-F4D4-4BDB-A2FC-ED2C18339B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B394C0A-394B-4F5B-8106-AE984D22854C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9777A767-5392-4907-B6EC-2F53581DFB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99EB83CB-CA5D-4CA4-805E-04FD094F39F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "75137A61-F9A5-4915-AB83-14C2233C5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8798D0F1-BD52-483C-9E23-744CD8BF8A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en ProjeQtOr (formalmente Project\u0027Or RIA) anterior a la versi\u00f3n 4.0.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del (1) tipo de par\u00e1metro a view/parameter.php, (2) par\u00e1metro a view/main.php, o (3) par\u00e1metro objectClass a view/objectDetail.php."
}
],
"id": "CVE-2013-6163",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-14T20:55:04.917",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/99366"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/99368"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/99369"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123916"
},
{
"source": "cve@mitre.org",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55451"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/99366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/99368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/99369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6164
Vulnerability from fkie_nvd - Published: 2013-11-14 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projeqtor:projeqtor:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9777A767-5392-4907-B6EC-2F53581DFB30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en view/objectDetail.php en Project\u0027OR RIA 3.4.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro objectId."
}
],
"id": "CVE-2013-6164",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-14T20:55:04.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/99367"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123915"
},
{
"source": "cve@mitre.org",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55451"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/99367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-29387 (GCVE-0-2024-29387)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:00 – Updated: 2024-08-16 17:35
VLAI?
Summary
projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"lessThan": "11.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T19:21:23.335367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T17:35:40.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T20:01:00.963783",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29387",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-16T17:35:40.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29386 (GCVE-0-2024-29386)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:00 – Updated: 2024-08-19 19:21
VLAI?
Summary
projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"lessThan": "11.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29386",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T19:19:53.357106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T19:21:03.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T19:50:31.505387",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29386",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-19T19:21:03.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49034 (GCVE-0-2023-49034)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-08-29 15:11
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"status": "affected",
"version": "11.0.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49034",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T15:40:04.558799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:11:44.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T20:38:19.012263",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49034",
"datePublished": "2024-02-20T00:00:00",
"dateReserved": "2023-11-20T00:00:00",
"dateUpdated": "2024-08-29T15:11:44.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42940 (GCVE-0-2021-42940)
Vulnerability from cvelistv5 – Published: 2022-02-11 15:54 – Updated: 2024-08-04 03:47
VLAI?
Summary
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:12.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.projeqtor.org/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T15:54:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.projeqtor.org/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.projeqtor.org/en/",
"refsource": "MISC",
"url": "https://www.projeqtor.org/en/"
},
{
"name": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940",
"refsource": "MISC",
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42940",
"datePublished": "2022-02-11T15:54:30",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:12.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18924 (GCVE-0-2018-18924)
Vulnerability from cvelistv5 – Published: 2018-11-04 06:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-04T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45680",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"name": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18924",
"datePublished": "2018-11-04T06:00:00",
"dateReserved": "2018-11-04T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11760 (GCVE-0-2017-11760)
Vulnerability from cvelistv5 – Published: 2017-07-31 17:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-31T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884",
"refsource": "CONFIRM",
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11760",
"datePublished": "2017-07-31T17:00:00Z",
"dateReserved": "2017-07-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:38:00.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6164 (GCVE-0-2013-6164)
Vulnerability from cvelistv5 – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
VLAI?
Summary
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:43.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"refsource": "OSVDB",
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63538"
},
{
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "MISC",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"name": "http://packetstormsecurity.com/files/123915",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6164",
"datePublished": "2013-11-14T20:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:43.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6163 (GCVE-0-2013-6163)
Vulnerability from cvelistv5 – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99368",
"refsource": "OSVDB",
"url": "http://osvdb.org/99368"
},
{
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "CONFIRM",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"refsource": "OSVDB",
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"refsource": "OSVDB",
"url": "http://osvdb.org/99366"
},
{
"name": "http://packetstormsecurity.com/files/123916",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6163",
"datePublished": "2013-11-14T20:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29387 (GCVE-0-2024-29387)
Vulnerability from nvd – Published: 2024-04-04 00:00 – Updated: 2024-08-16 17:35
Summary
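projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. Note: the CISA ADP container in the record below gives the affected range as lessThan 11.2.0, which excludes 11.2.0 itself, and classifies the weakness as CWE-434 (Unrestricted Upload of File with Dangerous Type), whereas this description says "up to 11.2.0" and the CWE field here shows n/a. The two version ranges do not agree, so check 11.2.0 explicitly when triaging.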
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"lessThan": "11.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T19:21:23.335367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T17:35:40.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T20:01:00.963783",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29387",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-16T17:35:40.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29386 (GCVE-0-2024-29386)
Vulnerability from nvd – Published: 2024-04-04 00:00 – Updated: 2024-08-19 19:21
Summary
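projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php. Note: the CISA ADP container in the record below gives the affected range as lessThan 11.2.0, which excludes 11.2.0 itself, and classifies the weakness as CWE-89, whereas this description says "up to 11.2.0" and the CWE field here shows n/a. The two version ranges do not agree, so check 11.2.0 explicitly when triaging.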
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"lessThan": "11.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29386",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T19:19:53.357106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T19:21:03.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T19:50:31.505387",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29386",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-19T19:21:03.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49034 (GCVE-0-2023-49034)
Vulnerability from nvd – Published: 2024-02-20 00:00 – Updated: 2024-08-29 15:11
Summary
Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"status": "affected",
"version": "11.0.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49034",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T15:40:04.558799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:11:44.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T20:38:19.012263",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49034",
"datePublished": "2024-02-20T00:00:00",
"dateReserved": "2023-11-20T00:00:00",
"dateUpdated": "2024-08-29T15:11:44.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42940 (GCVE-0-2021-42940)
Vulnerability from nvd – Published: 2022-02-11 15:54 – Updated: 2024-08-04 03:47
Summary
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:12.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.projeqtor.org/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T15:54:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.projeqtor.org/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.projeqtor.org/en/",
"refsource": "MISC",
"url": "https://www.projeqtor.org/en/"
},
{
"name": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940",
"refsource": "MISC",
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42940",
"datePublished": "2022-02-11T15:54:30",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:12.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18924 (GCVE-0-2018-18924)
Vulnerability from nvd – Published: 2018-11-04 06:00 – Updated: 2024-08-05 11:23
Summary
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-04T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45680",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"name": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18924",
"datePublished": "2018-11-04T06:00:00",
"dateReserved": "2018-11-04T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11760 (GCVE-0-2017-11760)
Vulnerability from nvd – Published: 2017-07-31 17:00 – Updated: 2024-09-16 16:38
Summary
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-31T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884",
"refsource": "CONFIRM",
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11760",
"datePublished": "2017-07-31T17:00:00Z",
"dateReserved": "2017-07-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:38:00.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6164 (GCVE-0-2013-6164)
Vulnerability from nvd – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
Summary
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:43.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"refsource": "OSVDB",
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63538"
},
{
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "MISC",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"name": "http://packetstormsecurity.com/files/123915",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6164",
"datePublished": "2013-11-14T20:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:43.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6163 (GCVE-0-2013-6163)
Vulnerability from nvd – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
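| URL | Tags |
|---|---|
| http://osvdb.org/99368 | vdb-entry, x_refsource_OSVDB |
| http://projectorria.org/index.php/menu_download_en/menu_history_en | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/63539 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/55451 | third-party-advisory, x_refsource_SECUNIA |
| http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html | mailing-list, x_refsource_FULLDISC |
| http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88583 | vdb-entry, x_refsource_XF |
| http://osvdb.org/99369 | vdb-entry, x_refsource_OSVDB |
| http://osvdb.org/99366 | vdb-entry, x_refsource_OSVDB |
| http://packetstormsecurity.com/files/123916 | x_refsource_MISC |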
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99368",
"refsource": "OSVDB",
"url": "http://osvdb.org/99368"
},
{
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "CONFIRM",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"refsource": "OSVDB",
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"refsource": "OSVDB",
"url": "http://osvdb.org/99366"
},
{
"name": "http://packetstormsecurity.com/files/123916",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6163",
"datePublished": "2013-11-14T20:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}