Advisory Summary 2021 – Projeqtor
Authenticated attackers could perform actions in the context of high-privilege users. This vulnerability could lead to site-wide account takeover, privilege escalation and remote code execution.
Proof of Concept
We have released a proof of concept in the following sources:
Update to version 9.4.2 or the newest version.
- 10/28/2021 – Contact with vendor.
- 10/29/2021 – Vulnerability acknowledged.
- 12/15/2021 – Fix released.