333 matches found
Information disclosure
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40884
CVE-2021-40884 affects ProjectSend version r1295. The root cause is missing authorization checks for the ids parameter in files-edit.php and the id parameter in process.php, enabling a user with uploader role to download and edit all users’ files. The vulnerability is described across multiple so...
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for chunks parameter to bypass fileName sanitization...
CVE-2021-40886
Projectsend (version r1295) is affected by a directory traversal vulnerability where a user with the Uploader role can set chunks=2 to bypass fileName sanitization. This root cause is a paths/discovery issue that could enable access to restricted files via crafted directory traversal input. The C...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
CVE-2021-40887
CVE-2021-40887 affects Projectsend vR1295 and is a directory traversal vulnerability. The issue arises from lack of sanitization for the files[] input parameter, enabling an attacker to append ../ to paths and access arbitrary files within the /upload/files/ directory (or other files the web serv...
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...
CVE-2021-40888
CVE-2021-40888 concerns Projectsend (r1295) with a stored/ reflected XSS caused by lack of sanitization in returnFilesIds() output in the processing path (process.php). A low-privilege user can trigger the function to execute arbitrary script code. The provided documents confirm the vulnerability...
Projectsend 安全漏洞
An information disclosure vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing web application. The vulnerability stems from the ids parameter in files-edit.php and the id parameter in process.php not checking for authorization. An attacker could exploit...
ProjectSend 路径遍历漏洞
A directory traversal vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing Web application. The vulnerability stems from a lack of validation of the input to the files parameter. An attacker could exploit the vulnerability by adding ... /upload/files/...
ProjectSend 跨站脚本漏洞
Projectsend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. Projectsend suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to...
ProjectSend 路径遍历漏洞
ProjectSend is a free, client-oriented, private file sharing web application. A directory traversal vulnerability exists in Projectsend version r1295. An attacker can exploit this vulnerability by adding the value 2 to the chunks parameter to bypass fileName validation...
Projectsend r1295 Cross Site Scripting
Exploit Title: Projectsend r1295 - 'name' Stored XSS Date: 30.08.2021 Exploit Author: Abdullah Kala Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/387/ Version: r1295 Tested on: Ubuntu 18.04 Description: Firstly add client group. After uploading...
Projectsend r1295 - 'name' Stored XSS
Exploit Title: Projectsend r1295 - 'name' Stored XSS Date: 30.08.2021 Exploit Author: Abdullah Kala Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/387/ Version: r1295 Tested on: Ubuntu 18.04 Description: Firstly add client group. After uploading...
Projectsend r1295 - (name) Stored XSS Vulnerability
Exploit Title: Projectsend r1295 - 'name' Stored XSS Exploit Author: Abdullah Kala Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/387/ Version: r1295 Tested on: Ubuntu 18.04 Description: Firstly add client group. After uploading the file from the...
in projectsend/projectsend
💥 BUG create client even when self client registration is disabled 💥 IMPACT any user can create create client even when self client registration is disabled 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/options.php?section=clients and disabled client registration....
Cross-site Scripting (XSS) - Reflected in projectsend/projectsend
✍️ Description GET parameter ?client= in Line 419 of manage-files.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in manage-files.php at line 419. 🕵️♂️ Proof of Concept Data enters a web application...
in projectsend/projectsend
💥 BUG privilege escalation bug to update admin email-address and company name etc . 💥 IMPACT unprivileged user can update admin email-address and company name etc 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/users.php and add new user called user-B with uploader...
Cross-site Scripting (XSS) - Reflected in projectsend/projectsend
💥 BUG reflected xss 💥 STEP TO REPRODUCE 1. Login to your account and visit url http://localhost/projectsend2/process.php?do=returnfilesids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert%3E and see xss is executed 💥 IMPACT Attacker can execute...