HIGH
ProjeQtor
CVE published 2026-04-27
CVE-2026-41465
CVE-2026-41465 documents a path traversal vulnerability in ProjeQtor project management software affecting versions 7.0 through 12.4.3. The vulnerability resides in the log file viewer component at dynamicDialog.php, where the logname parameter fails to validate directory traversal sequences before file path construction. Authenticated attackers can exploit this weakness by injecting ../ sequences into th [truncated]