Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
projectsend vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.
Projectsend Projectsend R1295
9.8
CVSSv3
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Projectsend Projectsend R1295
8.1
CVSSv3
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.
Projectsend Projectsend R1295
5.4
CVSSv3
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.
Projectsend Projectsend R1295
9.8
CVSSv3
CVE-2017-9741
install/make-config.php in ProjectSend r754 allows remote malicious users to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
Projectsend Projectsend R754
5.7
CVSSv3
CVE-2017-20101
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.
Projectsend Projectsend R754
9.8
CVSSv3
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Projectsend Projectsend 582
1 Github repository
9.8
CVSSv3
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Projectsend Projectsend 582
1 Github repository
NA
CVE-2014-9580
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote malicious users to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for...
Projectsend Projectsend 561
1 EDB exploit
9.8
CVSSv3
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-dow...
Projectsend Projectsend 582
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »