Published:

26 April 2026 at 22:00:00

Alert date:

27 April 2026 at 17:03:10

Source:

nvd.nist.gov

Web Technologies, Enterprise Applications, Database & Storage

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality. The vulnerability exists where the login variable is directly concatenated into SQL queries without proper parameterization or sanitization. Attackers can exploit this by injecting arbitrary SQL expressions through the username field at the authentication endpoint. Successful exploitation allows attackers to create privileged accounts, read sensitive data, and potentially execute operating system commands if the database user has elevated permissions. This is a critical vulnerability as it requires no authentication and can lead to complete system compromise.
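
The flaw class described above, next to the parameterized form that removes it, as an added example that is not ProjeQtor's code. It uses Python with an in-memory SQLite database; the `users` schema, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; the schema is hypothetical, not the product's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", 1), ("alice", 0), ("o'brien", 0)])
    return db

def lookup_concatenated(db, login):
    # Flawed pattern named in the advisory: the login value becomes SQL text,
    # so a quote character in it changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + login + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, login):
    # Hardened form: the statement text is fixed and the driver binds login
    # as a value, so it can never be parsed as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (login,)))

def compare(db, login):
    """Run both forms on the same input and report what each one matched."""
    try:
        unsafe = lookup_concatenated(db, login)
    except sqlite3.OperationalError as exc:
        # A stray quote breaks the statement; such errors on a login
        # endpoint are also a useful signal to alert on.
        unsafe = "error: " + str(exc)
    return {"concatenated": unsafe,
            "parameterized": lookup_parameterized(db, login)}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal login, a legitimate name containing a
    # quote, and the textbook always-true expression.
    for login in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(login), compare(db, login))
```

With the concatenated form the third input matches every row and the second raises a syntax error, while the parameterized form returns exactly the row whose name equals the input, or nothing.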

Technical details

Affected products:

ProjeQtor

This article was created with the assistance of AI technology by Perceptive.
