Projectsend

29 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.4%
  • Published 22.12.2025 21:35:36
  • Last modified 26.12.2025 15:40:38

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to ...

Exploit
  • EPSS 0.05%
  • Published 17.12.2025 22:44:57
  • Last modified 27.12.2025 17:15:44

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id'...

Exploit
  • EPSS 0.04%
  • Published 17.12.2025 22:44:45
  • Last modified 27.12.2025 17:15:42

ProjectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets...

Exploit
  • EPSS 0.06%
  • Published 17.12.2025 22:44:44
  • Last modified 27.12.2025 17:15:42

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrator...

Warning Exploit
  • EPSS 93.49%
  • Published 26.11.2024 10:15:04
  • Last modified 31.10.2025 21:56:27

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the applicati...

  • EPSS 0.22%
  • Published 12.08.2024 13:38:49
  • Last modified 15.08.2024 17:49:42

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to in...

  • EPSS 0.25%
  • Published 12.08.2024 13:38:49
  • Last modified 13.01.2025 21:15:14

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may b...

Exploit
  • EPSS 0.37%
  • Published 01.02.2023 04:15:09
  • Last modified 21.11.2024 07:37:28

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.

Exploit
  • EPSS 0.14%
  • Published 27.06.2022 14:15:07
  • Last modified 21.11.2024 03:22:38

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to...

Exploit
  • EPSS 0.28%
  • Published 11.10.2021 11:15:09
  • Last modified 21.11.2024 06:25:01

ProjectSend version r1295 is affected by Cross Site Scripting (XSS) due to a lack of sanitization when echoing output data in the returnFilesIds() function. A low-privilege user can call this function through the process.php file and execute scripting code.