Latest projectsend projectsend Vulnerabilities

CVE-2023-0607
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.
Projectsend Projectsend<r1606
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through ...
Projectsend Projectsend=r1295
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user wit...
Projectsend Projectsend=r1295
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.
Projectsend Projectsend=r1295
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on ...
Projectsend Projectsend=r1295
CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).
Projectsend Projectsend<r1295
CVE-2018-7201
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
Projectsend Projectsend<1053
CVE-2018-7202
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
Projectsend Projectsend<r1053
CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs.
Projectsend Projectsend<1070
CVE-2019-11533
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML.
Projectsend Projectsend<1070
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the sup...
Projectsend Projectsend=r1053
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users...
Projectsend Projectsend=582
CVE-2016-10733
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
Projectsend Projectsend=582
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
Projectsend Projectsend=582
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter ...
Projectsend Projectsend=582

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203