Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
projectsend projectsend vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Projectsend Projectsend 582
1 Github repository
9.8
CVSSv3
CVE-2016-10733
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Projectsend Projectsend 582
1 Github repository
9.8
CVSSv3
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Projectsend Projectsend 582
1 Github repository
9.8
CVSSv3
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Projectsend Projectsend R1295
NA
CVE-2014-9580
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote malicious users to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for...
Projectsend Projectsend 561
1 EDB exploit
8.1
CVSSv3
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.
Projectsend Projectsend R1295
NA
CVE-2015-2564
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
Projectsend Projectsend 561
1 EDB exploit
6.5
CVSSv3
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.
Projectsend Projectsend R1295
5.4
CVSSv3
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.
Projectsend Projectsend R1295
9.8
CVSSv3
CVE-2017-9741
install/make-config.php in ProjectSend r754 allows remote malicious users to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
Projectsend Projectsend R754
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »