Search criteria
8 vulnerabilities by projeqtor
CVE-2024-29387 (GCVE-0-2024-29387)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:00 – Updated: 2024-08-16 17:35
VLAI?
Summary
projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"lessThan": "11.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T19:21:23.335367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T17:35:40.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T20:01:00.963783",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29387",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-16T17:35:40.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29386 (GCVE-0-2024-29386)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:00 – Updated: 2024-08-19 19:21
VLAI?
Summary
projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"lessThan": "11.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29386",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T19:19:53.357106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T19:21:03.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T19:50:31.505387",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cve.anas-cherni.me/2024/04/04/cve-2024-29386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29386",
"datePublished": "2024-04-04T00:00:00",
"dateReserved": "2024-03-19T00:00:00",
"dateUpdated": "2024-08-19T19:21:03.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49034 (GCVE-0-2023-49034)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-08-29 15:11
VLAI?
Summary
Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:28.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:projeqtor:projeqtor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "projeqtor",
"vendor": "projeqtor",
"versions": [
{
"status": "affected",
"version": "11.0.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49034",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T15:40:04.558799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:11:44.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T20:38:19.012263",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49034",
"datePublished": "2024-02-20T00:00:00",
"dateReserved": "2023-11-20T00:00:00",
"dateUpdated": "2024-08-29T15:11:44.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42940 (GCVE-0-2021-42940)
Vulnerability from cvelistv5 – Published: 2022-02-11 15:54 – Updated: 2024-08-04 03:47
VLAI?
Summary
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:12.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.projeqtor.org/en/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T15:54:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.projeqtor.org/en/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.projeqtor.org/en/",
"refsource": "MISC",
"url": "https://www.projeqtor.org/en/"
},
{
"name": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940",
"refsource": "MISC",
"url": "https://truedigitalsecurity.com/services/penetration-testing-services/advisory-summary-2.2022-cve-2021-42940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42940",
"datePublished": "2022-02-11T15:54:30",
"dateReserved": "2021-10-25T00:00:00",
"dateUpdated": "2024-08-04T03:47:12.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18924 (GCVE-0-2018-18924)
Vulnerability from cvelistv5 – Published: 2018-11-04 06:00 – Updated: 2024-08-05 11:23
VLAI?
Summary
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-04T06:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45680",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with \"#exec cmd\" because rejected files remain on the server, with predictable filenames, after a \"This file is not a valid image\" error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45680",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45680/"
},
{
"name": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18924",
"datePublished": "2018-11-04T06:00:00",
"dateReserved": "2018-11-04T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11760 (GCVE-0-2017-11760)
Vulnerability from cvelistv5 – Published: 2017-07-31 17:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-31T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884",
"refsource": "CONFIRM",
"url": "https://track.projeqtor.org/view/main.php?directAccess=true\u0026objectClass=Ticket\u0026objectId=2884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11760",
"datePublished": "2017-07-31T17:00:00Z",
"dateReserved": "2017-07-31T00:00:00Z",
"dateUpdated": "2024-09-16T16:38:00.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6163 (GCVE-0-2013-6163)
Vulnerability from cvelistv5 – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "99368",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project\u0027Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99368",
"refsource": "OSVDB",
"url": "http://osvdb.org/99368"
},
{
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "CONFIRM",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "63539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63539"
},
{
"name": "55451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55451"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0032.html"
},
{
"name": "20131105 [ISecAuditors Security Advisories] Multiple XSS vulnerabilities in \"Project\u0027Or RIA\"",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0021.html"
},
{
"name": "projeqtor-cve20136163-xss(88583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88583"
},
{
"name": "99369",
"refsource": "OSVDB",
"url": "http://osvdb.org/99369"
},
{
"name": "99366",
"refsource": "OSVDB",
"url": "http://osvdb.org/99366"
},
{
"name": "http://packetstormsecurity.com/files/123916",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6163",
"datePublished": "2013-11-14T20:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6164 (GCVE-0-2013-6164)
Vulnerability from cvelistv5 – Published: 2013-11-14 20:00 – Updated: 2024-08-06 17:29
VLAI?
Summary
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:43.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63538"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view/objectDetail.php in Project\u0027Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55451"
},
{
"name": "99367",
"refsource": "OSVDB",
"url": "http://osvdb.org/99367"
},
{
"name": "projeqtor-cve20136164-sql-injection(88584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
},
{
"name": "63538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63538"
},
{
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "MISC",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project\u0027Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"name": "http://packetstormsecurity.com/files/123915",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6164",
"datePublished": "2013-11-14T20:00:00",
"dateReserved": "2013-10-16T00:00:00",
"dateUpdated": "2024-08-06T17:29:43.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}