CVE-2021-47819

Critical CVSS: 9.3

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded file with a specially crafted request parameter.

Vendor

Product

CWE

CWE-434

Yayın Tarihi

2026-01-15 16:16:10

Güncelleme

2026-01-16 15:55:33

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 CRITICAL 2026

Referanslar

https://www.exploit-db.com/exploits/49919 https://www.projeqtor.org