First published: Mon Oct 11 2021
Projectsend version r1295 is affected by a directory traversal vulnerability. Because input to the files[] parameter is not sanitized, an attacker can add ../ to move all PHP files, or any file on the system that has permissions, to the /upload/files/ folder.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Projectsend Projectsend | =r1295 | |
CVE-2021-40887 is a directory traversal vulnerability in Projectsend version r1295.
CVE-2021-40887 has a severity rating of 9.8 (Critical).
Projectsend version r1295 is affected by CVE-2021-40887.
CVE-2021-40887 allows an attacker to perform directory traversal, potentially granting unauthorized access to sensitive files on the system.
At the time of writing, there is no official fix available for CVE-2021-40887. It is recommended to update to the latest version of Projectsend when a fix becomes available.
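Until a fixed release is available, the missing check on files[] described above can be illustrated with the following added example. It is not ProjectSend source code: the function names and the staging directory are hypothetical, and it assumes each files[] entry should be a bare file name inside a single staging directory.

```php
<?php
// Added example with hypothetical names; not ProjectSend source code.

// Map one files[] entry to a real file directly inside $stagingDir, else null.
function resolve_staged_file(string $stagingDir, $entry): ?string
{
    // files[] must carry plain strings; nested arrays and NUL bytes are rejected.
    if (!is_string($entry) || $entry === '' || strpos($entry, "\0") !== false) {
        return null;
    }
    // Accept only a bare file name: no separators, no "." or "..".
    if ($entry !== basename($entry) || strpos($entry, '\\') !== false
        || $entry === '.' || $entry === '..') {
        return null;
    }
    $base = realpath($stagingDir);
    $full = realpath($stagingDir . DIRECTORY_SEPARATOR . $entry);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // Defence in depth: with symlinks resolved, the path must still sit
    // under the staging directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Split files[] into accepted canonical paths and rejected raw values.
function filter_files_param(string $stagingDir, array $files): array
{
    $result = ['accepted' => [], 'rejected' => []];
    foreach ($files as $entry) {
        $path = resolve_staged_file($stagingDir, $entry);
        if ($path === null) {
            $result['rejected'][] = $entry; // worth logging: likely a probe
        } else {
            $result['accepted'][] = $path;
        }
    }
    return $result;
}

// Constructed demo input: one staged file plus two unsafe entries.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'staging_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.pdf', 'constructed sample');
$out = filter_files_param($dir, ['report.pdf', '../../index.php', ['nested']]);
printf("accepted=%d rejected=%d\n", count($out['accepted']), count($out['rejected']));
```

Only the canonical paths in `accepted` should ever be passed to a move or rename call; the raw request values should not be reused after validation.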