← back
CVE-2018-18924

CVE-2018-18924

EPSS 9.5%
The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45680/unverifiedexploitdbwww.exploit-db.com/exploits/45680unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pentest.com.tr/exploits/ProjeQtOr-Project-Management-Tool-7-2-5-Remote-Code-Execution.htmlhttps://www.exploit-db.com/exploits/45680/