projectsend vulnerabilities and exploits
NA
CVE-2023-0607
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.
Projectsend Projectsend
3.5
CVSSv2
CVE-2017-20101
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.
Projectsend Projectsend R754
10
CVSSv2
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because input to the files[] parameter is not sanitized, an attacker can add ../ to move all PHP files or any file on the system that has permissions to the /upload/files/ folder.
Projectsend Projectsend R1295
3.5
CVSSv2
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to a lack of sanitization when echoing output data in the returnFilesIds() function. A low-privilege user can call this function through the process.php file and execute scripting code.
Projectsend Projectsend R1295
5.5
CVSSv2
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because authorization is not checked for the ids parameter in files-edit.php and the id parameter in the process.php function, a user with the uploader role can download and edit all files of users in the application.
Projectsend Projectsend R1295
4
CVSSv2
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with the Uploader role can set the `chunks` parameter to `2` to bypass `fileName` sanitization.
Projectsend Projectsend R1295
5
CVSSv2
CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote malicious users to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
Projectsend Projectsend
1 Github repository
6.8
CVSSv2
CVE-2018-7201
CSV Injection exists in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
Projectsend Projectsend
4.3
CVSSv2
CVE-2018-7202
An issue exists in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
Projectsend Projectsend
5
CVSSv2
CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs.
Projectsend Projectsend