← Volver a CVEs
CVE-2026-41465
MEDIUM6.5
Descripcion
ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/27/2026
Ultima modificacion4/27/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-22
Referencias
https://damiri.fr/en/cves/CVE-2026-41465(disclosure@vulncheck.com)
https://gryfman.fr/cves/CVE-2026-41465(disclosure@vulncheck.com)
https://www.projeqtor.com(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/projeqtor-path-traversal-via-dynamicdialog-php(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.