
ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly con…

Published:

26 April 2026 at 22:00:00

Alert date:

27 April 2026 at 19:18:12

Source:

nvd.nist.gov


Web Technologies, Database & Storage, Enterprise Applications

ProjeQtor versions 7.0 through 12.4.3 contain a critical unauthenticated SQL injection vulnerability in the login functionality. The vulnerability allows attackers to inject arbitrary SQL expressions through the username field at the authentication endpoint. Successful exploitation can lead to creation of privileged accounts, reading sensitive data, and executing operating system commands if the database user has elevated permissions. The vulnerability exists because the login variable is directly concatenated into SQL queries without proper parameterization or sanitization.
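The root cause described above, shown as an added example that is not ProjeQtor's code: a login lookup built by string concatenation beside the same lookup with a bound parameter. The table schema, function names and sample logins are assumptions constructed for this illustration, and SQLite stands in for the real database.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table; the schema is an assumption for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, profile TEXT)")
    db.executemany("INSERT INTO users (name, profile) VALUES (?, ?)",
                   [("admin", "administrator"), ("alice", "member")])
    return db

def lookup_concatenated(db, login):
    """Vulnerable pattern: the login value becomes part of the SQL text."""
    sql = "SELECT name, profile FROM users WHERE name = '" + login + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, login):
    """Hardened pattern: the SQL text is fixed and the login is bound as data."""
    sql = "SELECT name, profile FROM users WHERE name = ?"
    return db.execute(sql, (login,)).fetchall()

def compare(login):
    """Run both lookups on a fresh database and return (concatenated, parameterized)."""
    db = make_db()
    try:
        concatenated = lookup_concatenated(db, login)
    except sqlite3.Error as exc:
        # A quote in the input can also break the statement outright.
        concatenated = f"SQL error: {exc}"
    return concatenated, lookup_parameterized(db, login)

if __name__ == "__main__":
    # Constructed inputs: a normal login, a quoted expression, a legitimate apostrophe.
    for login in ["alice", "nobody' OR '1'='1", "o'brien"]:
        concatenated, parameterized = compare(login)
        print(f"login={login!r}")
        print(f"  concatenated : {concatenated}")
        print(f"  parameterized: {parameterized}")
```

With concatenation, the quoted input changes the WHERE clause and returns every row, and a legitimate name containing an apostrophe raises a syntax error; with the bound parameter both are compared as plain strings and match nothing.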

Technical details

Mitigation steps:

Affected products:

ProjeQtor

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.
