https://gryfman.fr/tags/sqli/Recent content in SQLi on gryfmanHugoen-ussussetnoe2004@gmail.com (gryfman)sussetnoe2004@gmail.com (gryfman)Mon, 27 Apr 2026 00:00:06 +0200https://gryfman.fr/cves/cve-2026-41462/Mon, 27 Apr 2026 00:00:06 +0200sussetnoe2004@gmail.com (gryfman)https://gryfman.fr/cves/cve-2026-41462/<h2 id="introduction">Introduction</h2> <p>During a security assessment, we identified an unauthenticated SQL injection vulnerability in <a href="https://www.projeqtor.com/fr/" target="_blank" rel="noopener">ProjeQtOr</a> , an open source project management platform. The injection point was located in the authentication logic, allow an attacker to inject SQL commands directly into the user field, that was later used to look up user accounts. This flaw could be exploited to create a new administrative user or full access to the database without needing valid credentials.</p>