ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded file with a specially crafted request parameter.
References
Configurations
No configuration.
History
15 Apr 2026, 00:35
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
15 Jan 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-15 16:16
Updated : 2026-06-17 04:18
NVD link : CVE-2021-47819
Mitre link : CVE-2021-47819
CVE.ORG link : CVE-2021-47819
JSON object : View
Products Affected
No product.
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
