ProjectSend SQL Injection Vulnerability
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A SQL injection vulnerability exists in the client-edit.php script in ProjectSend version r561. Since the users-edit.php script fails to adequately filter the 'id' parameter. A remote attacker can...