Skip to main content

Projectsend

16 CVEs product

Monthly

CVE-2024-11680 CRITICAL POC KEV PATCH THREAT Act Now

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Projectsend
NVD GitHub
CVSS 3.1
9.8
EPSS
91.6%
Threat
7.7
CVE-2024-7659 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Projectsend
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-7658 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Projectsend
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2023-0607 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Projectsend
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-40888 MEDIUM POC This Month

Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Projectsend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40887 CRITICAL POC Act Now

Projectsend version r1295 is affected by a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Projectsend
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-40886 MEDIUM POC This Month

Projectsend version r1295 is affected by a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Projectsend
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-40884 HIGH POC This Week

Projectsend version r1295 is affected by sensitive information disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Authentication Bypass Projectsend
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-28874 HIGH POC PATCH This Week

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Projectsend
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-11533 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Projectsend
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2019-11492 HIGH This Week

ProjectSend before r1070 writes user passwords to the server logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Projectsend
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2019-11378 HIGH POC This Week

An issue was discovered in ProjectSend r1053. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE Projectsend
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2017-9741 CRITICAL POC Act Now

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Projectsend
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2015-2564 MEDIUM POC This Month

SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Projectsend
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
4.3%
CVE-2014-9580 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS File Upload Projectsend
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.8%
CVE-2014-9567 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE PHP Code Injection File Upload Projectsend
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.9%
Threat
5.5
EPSS 92% 7.7 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Projectsend
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Projectsend
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Projectsend
NVD GitHub VulDB
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Projectsend
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Projectsend
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Projectsend version r1295 is affected by a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Projectsend
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Projectsend version r1295 is affected by a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Projectsend
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Projectsend version r1295 is affected by sensitive information disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Authentication Bypass +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Projectsend
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Projectsend
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ProjectSend before r1070 writes user passwords to the server logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Projectsend
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered in ProjectSend r1053. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Projectsend
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Projectsend
NVD Exploit-DB
EPSS 4% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS File Upload Projectsend
NVD Exploit-DB
EPSS 83% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.9%.

RCE PHP Code Injection +2
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy