CVE-2023-53930
CVE-2023-53930 affects ProjectSend version r1605. The issue is an insecure direct object reference in the download flow: an unauthenticated attacker can change the id parameter in the download request to process.php to download private files from any user. The available connected documents confir...