Skip to main content
CVE-2018-18924 HIGH POC This Week

The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Projeqtor
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy