Projectsend
CVE-2019-11492
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
ProjectSend before r1070 writes user passwords to the server logs.
AnalysisAI
ProjectSend before r1070 writes user passwords to the server logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-532. ProjectSend before r1070 writes user passwords to the server logs. Affected products include: Projectsend.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Projectsend
View allProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows rem
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix param
Projectsend version r1295 is affected by a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this v
An issue was discovered in ProjectSend r1053. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable
Projectsend version r1295 is affected by sensitive information disclosure. Rated high severity (CVSS 8.1), this vulnerab
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to
Projectsend version r1295 is affected by a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vul
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. Rated medium severity (
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today