Vulnerabilities > CVE-2017-20101 - Authorization Bypass Through User-Controlled Key vulnerability in Projectsend R754

CVSS 5.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

projectsend

CWE-639

NVD

Published: 2022-06-27

Updated: 2022-07-07

Summary

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

Vulnerable Configurations

Part	Description	Count
Application	Projectsend Projectsend Projectsend R754	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

http://seclists.org/fulldisclosure/2017/Feb/58
https://youtu.be/Xc6Jg9I7Pj4
https://vuldb.com/?id.97275