Vulnerabilities > CVE-2017-20101 - Authorization Bypass Through User-Controlled Key vulnerability in Projectsend R754

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

projectsend

CWE-639

NVD

Published: 2022-06-27

Updated: 2022-07-07

Summary

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

Vulnerable Configurations

Part	Description	Count
Application	Projectsend Projectsend Projectsend R754	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

http://seclists.org/fulldisclosure/2017/Feb/58
https://youtu.be/Xc6Jg9I7Pj4
https://vuldb.com/?id.97275