Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
projectsend projectsend vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Projectsend Projectsend R1295
7.5
CVSSv2
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-dow...
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2016-10733
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Projectsend Projectsend 582
1 Github repository
7.5
CVSSv2
CVE-2017-9741
install/make-config.php in ProjectSend r754 allows remote malicious users to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
Projectsend Projectsend R754
7.5
CVSSv2
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote malicious users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/fil...
Projectsend Projectsend 156
Projectsend Projectsend 102
Projectsend Projectsend 105
Projectsend Projectsend 375
Projectsend Projectsend 405
Projectsend Projectsend 157
Projectsend Projectsend 561
Projectsend Projectsend 100
Projectsend Projectsend 161
Projectsend Projectsend 180
Projectsend Projectsend 335
Projectsend Projectsend 110
Projectsend Projectsend 155
Projectsend Projectsend 412
Projectsend Projectsend 514
2 EDB exploits
6.8
CVSSv2
CVE-2018-7201
CSV Injection exists in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
Projectsend Projectsend
6.5
CVSSv2
CVE-2019-11378
An issue exists in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
Projectsend Projectsend R1053
6.5
CVSSv2
CVE-2015-2564
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
Projectsend Projectsend 561
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »