Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote malicious users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
projectsend projectsend 156 |
||
projectsend projectsend 102 |
||
projectsend projectsend 105 |
||
projectsend projectsend 375 |
||
projectsend projectsend 405 |
||
projectsend projectsend 157 |
||
projectsend projectsend 561 |
||
projectsend projectsend 100 |
||
projectsend projectsend 161 |
||
projectsend projectsend 180 |
||
projectsend projectsend 335 |
||
projectsend projectsend 110 |
||
projectsend projectsend 155 |
||
projectsend projectsend 412 |
||
projectsend projectsend 514 |