CyberSec.Space Logo
Back to CVE Browser

CVE-2021-47819

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0410%
EPSS Percentile30.24th
PublishedJan 15, 2026
Last ModifiedApr 15, 2026

Vulnerability Description

ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded file with a specially crafted request parameter.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://www.exploit-db.com/exploits/49919
🔗 https://www.projeqtor.org

Related Vulnerabilities

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-2132210.0

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By c...