{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41465", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-04-20T16:07:47.311Z", "datePublished": "2026-04-27T15:10:48.938Z", "dateUpdated": "2026-05-14T02:09:49.476Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:49.476Z"}, "title": "ProjeQtor < 12.4.4 Path Traversal via dynamicDialog.php", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "affected": [{"vendor": "ProjeQtor", "product": "ProjeQtor", "versions": [{"status": "affected", "version": "7.0", "lessThanOrEqual": "12.4.3", "versionType": "custom"}, {"status": "unaffected", "version": "12.4.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.<br>"}]}], "references": [{"url": "https://damiri.fr/en/cves/CVE-2026-41465", "tags": ["technical-description", "exploit"]}, {"url": "https://gryfman.fr/cves/CVE-2026-41465", "tags": ["technical-description", "exploit"]}, {"url": "https://www.projeqtor.com", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/projeqtor-path-traversal-via-dynamicdialog-php", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Yassine Damiri", "type": "finder"}, {"lang": "en", "value": "No\u00e9 Susset", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T16:25:22.634320Z", "id": "CVE-2026-41465", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T16:26:05.274Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41465", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T16:25:22.634320Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T16:25:49.873Z"}}], "cna": {"title": "ProjeQtor < 12.4.4 Path Traversal via dynamicDialog.php", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Yassine Damiri"}, {"lang": "en", "type": "finder", "value": "No\u00e9 Susset"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ProjeQtor", "product": "ProjeQtor", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "12.4.3"}, {"status": "unaffected", "version": "12.4.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://damiri.fr/en/cves/CVE-2026-41465", "tags": ["technical-description", "exploit"]}, {"url": "https://gryfman.fr/cves/CVE-2026-41465", "tags": ["technical-description", "exploit"]}, {"url": "https://www.projeqtor.com", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/projeqtor-path-traversal-via-dynamicdialog-php", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.", "supportingMedia": [{"type": "text/html", "value": "ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-05-14T02:09:49.476Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41465", "state": "PUBLISHED", "dateUpdated": "2026-05-14T02:09:49.476Z", "dateReserved": "2026-04-20T16:07:47.311Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-27T15:10:48.938Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal sequences ../ into the logname parameter to read arbitrary .log files accessible to the web server process on the filesystem."}], "id": "CVE-2026-41465", "lastModified": "2026-04-27T18:35:53.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-27T16:16:45.793", "references": [{"source": "disclosure@vulncheck.com", "url": "https://damiri.fr/en/cves/CVE-2026-41465"}, {"source": "disclosure@vulncheck.com", "url": "https://gryfman.fr/cves/CVE-2026-41465"}, {"source": "disclosure@vulncheck.com", "url": "https://www.projeqtor.com"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/projeqtor-path-traversal-via-dynamicdialog-php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0,12.4.3]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "12.4.4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ProjeQtor", "source": "cna", "vendor": "ProjeQtor"}, "product": "projeqtor", "vendor": "projeqtor"}], "analysis": {"en": {"generated_at": "2026-04-28T04:20:32.794979+00:00", "value": {"mitigation_remediation": ["Upgrade ProjeQtor to version 12.4.4 or later so the path traversal flaw is patched.", "Restrict file system permissions so that only the web server user can read log files, preventing disclosure if traversal is still possible.", "Implement server\u2011side validation that rejects any directory traversal sequences in the logname parameter, ensuring that only legitimate log file names are processed."], "summary": {"action": "Patch", "impact": "Unauthorized disclosure of log files via path traversal"}, "threat_synthesis": {"affected_systems": "All ProjeQtor installations from version 7.0 up to 12.4.3, inclusive, are affected because the path traversal vulnerability resides in the dynamicDialog.php component of the ProjeQtor:ProjeQtor product. No later versions (12.4.4 and above) contain the fix.", "description_and_impact": "A directory traversal flaw in ProjeQtor\u2019s log file viewer (dynamicDialog.php) allows attackers to supply a logname parameter containing ../ sequences. The application fails to validate this input before assembling the file path, enabling an authenticated user to read arbitrary .log files that are accessible to the web server process. The primary impact is the unauthorized disclosure of potentially sensitive information stored in those log files, such as credentials, system configuration, or debug output.", "risk_and_exploitability": "The vulnerability scores 7.1 on the CVSS scale, indicating a moderate to high severity. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. Exploitation requires an attacker to have valid authentication to the ProjeQtor application, after which the attacker can craft requests to dynamicDialog.php with directory traversal payloads to read arbitrary log files. The attack vector is via the web interface, leveraging the logname request parameter. The exploitation is straightforward in environments where log files are readable by the web server process, and no additional conditions are stated in the description."}}}}, "created": "2026-04-28T02:45:10.915150+00:00", "updated": "2026-04-28T04:30:21.143390+00:00", "vendors": ["projeqtor", "projeqtor$PRODUCT$projeqtor"]}