CVE-2024-29387
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of projeqtor. Attackers can exploit the /view/print.php component to upload and execute malicious files, potentially compromising the entire server. All organizations using projeqtor versions up to 11.2.0 are affected.
💻 Affected Systems
- projeqtor
📦 What is this software?
Projeqtor by Projeqtor
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, lateral movement to other systems, and persistent backdoor installation.
Likely Case
Webshell installation allowing unauthorized access, data exfiltration, and further exploitation of the server environment.
If Mitigated
Limited impact with proper network segmentation, file upload restrictions, and web application firewalls blocking malicious requests.
🎯 Exploit Status
The vulnerability is publicly documented with proof-of-concept details available, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.2.1 or later
Vendor Advisory: https://github.com/projeqtor/projeqtor/releases
Restart Required: No
Instructions:
1. Back up your projeqtor installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with patched versions.
4. Verify the /view/print.php component has been secured.
🔧 Temporary Workarounds
Block access to vulnerable endpoint
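All platforms: restrict access to /view/print.php via web server configuration or firewall rules
# Apache (server or virtual-host context, with RewriteEngine On; in .htaccess drop the leading slash; adjust the path if projeqtor is installed under a subdirectory):
RewriteRule ^/view/print\.php$ - [F,L]
# Nginx (inside the server block):
location ~ /view/print\.php$ { deny all; }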
Implement file upload restrictions
All platforms: configure a web application firewall to block malicious file uploads to the print.php endpoint
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the projeqtor server from critical systems
- Deploy a web application firewall with rules specifically blocking exploitation attempts against /view/print.php
🔍 How to Verify
Check if Vulnerable:
Check if /view/print.php exists and is accessible in your projeqtor installation. Review version number in projeqtor interface or configuration files.
Check Version:
Check projeqtor interface or examine version.php file in installation directory
Verify Fix Applied:
Verify projeqtor version is 11.2.1 or later. Test that /view/print.php no longer accepts malicious file uploads or returns appropriate error messages.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /view/print.php
- POST requests with file upload parameters to print.php
- Execution of unexpected system commands from web process
Network Indicators:
- HTTP requests to /view/print.php with file upload content
- Outbound connections from projeqtor server to suspicious external IPs
SIEM Query:
source="web_server_logs" AND (uri="/view/print.php" AND method="POST" AND (file_upload="true" OR contains(content_type, "multipart/form-data")))
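The log indicators above, as an added example (not from the advisory or the projeqtor project): a Python scan of access-log lines for POST requests that reach /view/print.php, including installs under a subdirectory. It assumes the Apache/Nginx combined log format; the function names and the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Matches the endpoint at any install prefix, with or without trailing path info.
ENDPOINT_RE = re.compile(r"/view/print\.php(/|$)")

def normalize_path(target):
    """Return the request path decoded and collapsed, so the match does not
    depend on how the client wrote it (encoding, case, extra slashes)."""
    path = target.split("?", 1)[0]           # drop the query string
    path = unquote(unquote(path))            # single and double percent-encoding
    path = re.sub(r"/+", "/", path)          # collapse repeated slashes
    return posixpath.normpath(path).lower()  # resolve ./ and ../, ignore case

def find_print_php_posts(lines):
    """Return one dict per POST request that reaches /view/print.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = normalize_path(m["target"])
        if ENDPOINT_RE.search(path):
            hits.append({"ip": m["ip"], "time": m["time"], "path": path,
                         "status": int(m["status"])})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:22 +0000] "GET /view/print.php?page=x HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:02:03 +0000] "POST /view/print.php HTTP/1.1" 200 312 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:02:09 +0000] "POST /projeqtor//view/%70rint.php?a=1 HTTP/1.1" 200 298 "-" "curl/8.0"',
    '203.0.113.5 - - [12/Mar/2024:10:03:40 +0000] "POST /view/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Mar/2024:08:15:51 +0000] "POST /view/print.php HTTP/1.1" 403 199 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in find_print_php_posts(SAMPLE_LOG):
        verdict = "served" if hit["status"] < 400 else "rejected"
        print(f'{hit["time"]} {hit["ip"]} POST {hit["path"]} -> {hit["status"]} ({verdict})')
```

A hit with a 2xx status means the server processed the request and the upload directories should be reviewed; a 403 after the workaround is applied confirms the block is in effect.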