CVE-2026-41465
Path Traversal in ProjeQtor Log Viewer Allows Arbitrary File Read
Publication date: 2026-04-27
Last updated on: 2026-04-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projeqtor | projeqtor | From 7.0 (inc) to 12.4.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-41465 is a path traversal vulnerability affecting ProjeQtor versions 7.0 through 12.4.3. It exists in the log file viewer component within the dynamicDialog.php file. The vulnerability occurs because the "logname" parameter is not properly validated to block directory traversal sequences such as "../". This allows authenticated attackers to inject these sequences into the parameter, enabling them to access and read arbitrary .log files on the server's filesystem that the web server process can access.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated attacker to read sensitive log files on the server. Since the attacker can access arbitrary .log files, they might obtain confidential information contained within those logs, such as system details, user activities, or other sensitive data. This compromises the confidentiality of your system's information and could potentially aid further attacks or data breaches.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability exists because the logname parameter in dynamicDialog.php is not validated against directory traversal sequences, allowing authenticated attackers to read arbitrary .log files.
Immediate mitigation steps include restricting access to the dynamicDialog.php log file viewer to trusted users only, ensuring that only authenticated users with minimal privileges can access it.
Additionally, monitor and restrict web server file permissions to limit access to sensitive log files.
Applying any available patches or updates from ProjeQtor that address this vulnerability is also recommended.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the dynamicDialog.php file's log file viewer is accessible and if the logname parameter is vulnerable to directory traversal sequences such as "../".
A practical approach is to attempt to access arbitrary log files by sending HTTP requests with crafted logname parameters containing directory traversal sequences.
For example, you can use curl commands to test the vulnerability by trying to read sensitive log files:
- curl -u <username>:<password> "http://<target>/dynamicDialog.php?logname=../../../../etc/passwd"
- curl -u <username>:<password> "http://<target>/dynamicDialog.php?logname=../../../../var/log/apache2/access.log"
Replace <username>, <password>, and <target> with appropriate values. Successful retrieval of file contents indicates the presence of the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows authenticated attackers to read arbitrary log files on the server by exploiting a path traversal flaw. Such unauthorized access to potentially sensitive log data can lead to confidentiality breaches.
Confidentiality breaches caused by this vulnerability may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information and proper access controls to prevent unauthorized data disclosure.