Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
projectsend vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-11533
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote malicious users to inject arbitrary web script or HTML.
Projectsend Projectsend
6.5
CVSSv2
CVE-2019-11378
An issue exists in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
Projectsend Projectsend R1053
7.5
CVSSv2
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-dow...
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2016-10733
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Projectsend Projectsend 582
1 Github repository
NA
CVE-2018-13452
ProjectSend version R1053 suffers from a remote SQL injection vulnerability.
4.3
CVSSv2
CVE-2017-9783
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote malicious users to inject arbitrary web script or HTML via the Description field in a Site name updated.
Projectsend Projectsend
4.3
CVSSv2
CVE-2017-9786
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote malicious users to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and action...
Projectsend Projectsend
7.5
CVSSv2
CVE-2017-9741
install/make-config.php in ProjectSend r754 allows remote malicious users to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
Projectsend Projectsend R754
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »