CVE-2025-3169

Projeqtor saveAttachment.php unrestricted upload

Severity Score

2.3

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web."

Se encontró una vulnerabilidad en Projeqtor hasta la versión 12.0.2. Se ha clasificado como crítica. Este problema afecta a una funcionalidad desconocida del archivo /tool/saveAttachment.php. La manipulación del argumento "attachFiles" permite la carga sin restricciones. El ataque puede ejecutarse remotamente. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Actualizar a la versión 12.0.3 puede solucionar este problema. Se recomienda actualizar el componente afectado. El proveedor explica que "esta vulnerabilidad solo puede explotarse en instancias con una instalación no segura, como se recomienda durante la instalación del producto: el directorio de archivos adjuntos debe estar fuera del alcance web, de modo que, incluso si se puede cargar un archivo ejecutable, no se pueda ejecutar a través de la web".

Eine kritische Schwachstelle wurde in Projeqtor bis 12.0.2 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /tool/saveAttachment.php. Dank Manipulation des Arguments attachmentFiles mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 12.0.3 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

*Credits: deadmilkman

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Attack Requirements

None

Privileges Required

Low

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

Low

None

Integrity

Low

None

Availability

Low

None

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-04-03 CVE Reserved
2025-04-03 CVE Published
2025-04-03 CVE Updated
2025-04-03 First Exploit
2025-04-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-284: Improper Access Control
CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

References (4)

URL	Tag	Source
https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md	Related
https://vuldb.com/?id.303128	Technical Description
https://vuldb.com/?submit.543250	Third Party Advisory

URL	Date	SRC
https://github.com/deadmilkman/cve-reports/blob/main/01-projeqtor-rce/readme.md#proof-of-concept-poc	2025-04-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
-		-				-		-		-