CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
95.8%
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
Vendor | Product | Version | CPE |
---|---|---|---|
projectsend | projectsend | 100 | cpe:2.3:a:projectsend:projectsend:100:*:*:*:*:*:*:* |
projectsend | projectsend | 102 | cpe:2.3:a:projectsend:projectsend:102:*:*:*:*:*:*:* |
projectsend | projectsend | 105 | cpe:2.3:a:projectsend:projectsend:105:*:*:*:*:*:*:* |
projectsend | projectsend | 110 | cpe:2.3:a:projectsend:projectsend:110:*:*:*:*:*:*:* |
projectsend | projectsend | 155 | cpe:2.3:a:projectsend:projectsend:155:*:*:*:*:*:*:* |
projectsend | projectsend | 156 | cpe:2.3:a:projectsend:projectsend:156:*:*:*:*:*:*:* |
projectsend | projectsend | 157 | cpe:2.3:a:projectsend:projectsend:157:*:*:*:*:*:*:* |
projectsend | projectsend | 161 | cpe:2.3:a:projectsend:projectsend:161:*:*:*:*:*:*:* |
projectsend | projectsend | 180 | cpe:2.3:a:projectsend:projectsend:180:*:*:*:*:*:*:* |
projectsend | projectsend | 335 | cpe:2.3:a:projectsend:projectsend:335:*:*:*:*:*:*:* |