SQLi

From login to admin: CVE-2026-41462

Introduction

During a security assessment, we identified an unauthenticated SQL injection vulnerability in ProjeQtOr, an open source project management platform. The injection point was located in the authentication logic, allowing an attacker to inject SQL commands directly into the user field, which was later used to look up user accounts. This flaw could be exploited to create a new administrative user or gain full access to the database without needing valid credentials.