2 matches found
CVE-2020-28874
The CVE-2020-28874 issue affects ProjectSend’s reset-password.php before r1295, where incorrect business logic allows password reset without a valid token. Root cause: user_data is derived from an uncleaned username (GET parameter) and then reused in POST flow, enabling an attacker to trick the s...
Exploit for Improper Authentication in Projectsend
This repository contains the description of the vulnerability fo...