CVE-2025-3169

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web."

CVSS v3 5.0 MEDIUM
CVSS v2.0 4.6 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md
https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md#proof-of-concept-poc
https://vuldb.com/?ctiid.303128
https://vuldb.com/?id.303128
https://vuldb.com/?submit.543250

Configurations

No configuration.

History

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en Projeqtor hasta la versión 12.0.2. Se ha clasificado como crítica. Este problema afecta a una funcionalidad desconocida del archivo /tool/saveAttachment.php. La manipulación del argumento "attachFiles" permite la carga sin restricciones. El ataque puede ejecutarse remotamente. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Actualizar a la versión 12.0.3 puede solucionar este problema. Se recomienda actualizar el componente afectado. El proveedor explica que "esta vulnerabilidad solo puede explotarse en instancias con una instalación no segura, como se recomienda durante la instalación del producto: el directorio de archivos adjuntos debe estar fuera del alcance web, de modo que, incluso si se puede cargar un archivo ejecutable, no se pueda ejecutar a través de la web".

03 Apr 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-03 17:15

Updated : 2025-04-07 14:18

NVD link : CVE-2025-3169

Mitre link : CVE-2025-3169

CVE.ORG link : CVE-2025-3169

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

CWE-434

Unrestricted Upload of File with Dangerous Type

5.0 /10