Lucene search

17 matches found

Positive Technologies
added 2025/12/22 12:0 a.m., 2 views

PT-2025-52717

Name of the Vulnerable Software and Affected Versions: ProjectSend version r1605. Description: ProjectSend r1605 contains a remote code execution issue that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions throug...

CVSS 9.8, AI score 8.5, EPSS 0.00412
Exploits: 1, References: 12
CNNVD
added 2025/12/22 12:0 a.m., 2 views

ProjectSend Code Issue Vulnerability

ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A code issue vulnerability exists in ProjectSend version r1605, which stems from a vulnerability that allows an attacker to upload malicious files by manipulating file extensions...

CVSS 9.8, AI score 7.1, EPSS 0.00412
Exploits: 1, References: 3
CVE
added 2025/12/17 10:44 p.m., 4 views

CVE-2023-53906

CVE-2023-53906 (projectSend r1605) is a stored cross-site scripting vulnerability where authenticated administrators can inject JavaScript via the custom assets configuration page. A payload placed in the custom assets section executes when other users load the affected page, enabling persistent ...

CVSS 5.1, AI score 5.7, EPSS 0.00021
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2025/12/17 12:0 a.m., 1 views

ProjectSend Security Vulnerability

ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend r1605 that allows an unauthenticated attacker to download private files by manipulating the download ID parameter, which could lea...

CVSS 7.5, AI score 6.8, EPSS 0.00067
Exploits: 1, References: 4
CNNVD
added 2025/12/17 12:0 a.m., 2 views

ProjectSend Cross-Site Scripting Vulnerability

ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in ProjectSend version r1605, which stems from improper cleanup of custom asset configuration pages and could lead to a stored cross-site scripting...

CVSS 5.1, AI score 5.9, EPSS 0.00021
Exploits: 1, References: 4
RedhatCVE
added 2025/05/23 9:50 a.m., 6 views

CVE-2024-7658

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function getpreview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720...

CVSS 6.9, AI score 7, EPSS 0.00247
Exploits: 0, References: 1
OSV
added 2024/08/12 1:38 p.m., 11 views

CVE-2024-7658

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function getpreview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720...

CVSS 5.3, AI score 6.9
Exploits: 0, References: 6
NVD
added 2024/08/12 1:38 p.m., 9 views

CVE-2024-7658

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function getpreview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720...

CVSS 6.9, EPSS 0.00247
Exploits: 0, References: 6
OSV
added 2024/08/12 1:38 p.m., 8 views

CVE-2024-7659

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

CVSS 7.5, AI score 6.8
Exploits: 0, References: 5
CVE
added 2024/08/11 2:31 a.m., 46 views

CVE-2024-7659

CVE-2024-7659 (projectsend) affects the Password Reset Token Handler: the function generate_random_string in includes/functions.php produces insufficiently random values. This can be exploited remotely, affecting projectsend up to version r1605. The issue is addressed by upgrading to version r17...

CVSS 7.5, AI score 4.2, EPSS 0.00223
Exploits: 0, References: 5, Affected Software: 1
0day.today
added 2023/06/17 12:0 a.m., 257 views

projectSend r1605 - CSV injection Vulnerability

Exploit Title: projectSend r1605 - CSV injection; Version: r1605; Bugs: CSV Injection; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Author: Mirabbas Ağalarov; Tested on: Windows. 2. Technical Details & POC...

AI score 7.1
Exploits: 0
Packet Storm
added 2023/06/15 12:0 a.m., 305 views

projectSend r1605 Cross Site Scripting

Exploit Title: projectSend r1605 - Stored XSS; Application: projectSend; Version: r1605; Bugs: Stored Xss; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Date of found: 11-06-2023; Author: Mirabbas Ağalarov; Tested on: Linux. 2. Technical Details & P...

AI score 7.1
Exploits: 0
Packet Storm
added 2023/06/15 12:0 a.m., 316 views

projectSend r1605 CSV Injection

Exploit Title: projectSend r1605 - CSV injection; Version: r1605; Bugs: CSV Injection; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Date of found: 11-06-2023; Author: Mirabbas Ağalarov; Tested on: Windows. 2. Technical Details & POC...

AI score 7.1
Exploits: 0
Exploit DB
added 2023/06/14 12:0 a.m., 301 views

projectSend r1605 - Stored XSS

Exploit Title: projectSend r1605 - Stored XSS; Application: projectSend; Version: r1605; Bugs: Stored Xss; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Date of found: 11-06-2023; Author: Mirabbas Ağalarov; Tested on: Linux. 2. Technical Details & P...

AI score 7.4
Exploits: 0
Packet Storm
added 2023/05/03 12:0 a.m., 295 views

projectSend r1605 Private File Download

Exploit Title: projectSend r1605 - Private file download; Application: projectSend; Version: r1605; Bugs: IDOR; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Date of found: 24-01-2023; Author: Mirabbas Ağalarov; Tested on: Linux. Technical Details &...

AI score 6.9
Exploits: 0
Exploit DB
added 2023/05/02 12:0 a.m., 309 views

projectSend r1605 - Private file download

Exploit Title: projectSend r1605 - Private file download; Application: projectSend; Version: r1605; Bugs: IDOR; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Date of found: 24-01-2023; Author: Mirabbas Ağalarov; Tested on: Linux. Technical Details &...

AI score 7.4
Exploits: 0
Packet Storm
added 2023/04/05 12:0 a.m., 221 views

projectSend r1605 Remote Code Execution

Exploit Title: projectSend r1605 - Remote Code Execution RCE; Application: projectSend; Version: r1605; Bugs: rce via file extension manipulation; Technology: PHP; Vendor URL: https://www.projectsend.org/; Software Link: https://www.projectsend.org/; Date of found: 26-01-2023; Author: Mirabbas Ağalarov...

AI score 6.8
Exploits: 0