Projeqtor Remote Code Execution Vulnerability Discovered
CVE-2024-29387

8.8HIGH

Key Information:

Vendor: projeqtor
Status: Projeqtor
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-29387?

ProjeQtor versions up to 11.2.0 have a vulnerability that allows for remote code execution due to insufficient validation in the /view/print.php component. This weakness could be exploited by an attacker, potentially enabling them to execute arbitrary code in the context of the server running the application. It’s crucial for users and administrators to ensure their installations are updated to mitigate the risks associated with this flaw.

References

https://cve.anas-cherni.me/2024/04/04/cve-2024-29387/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2024

CVE-2024-29387 Data

JSON

projeqtor

What is CVE-2024-29387?

References

CVSS V3.1

Timeline