Vulnerabilities > Projectsend > Projectsend > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-26 | CVE-2024-11680 | Incorrect Authorization vulnerability in Projectsend ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. | 9.8 |
2021-10-11 | CVE-2021-40887 | Path Traversal vulnerability in Projectsend R1295 Projectsend version r1295 is affected by a directory traversal vulnerability. | 9.8 |
2018-10-29 | CVE-2016-10731 | SQL Injection vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action. | 9.8 |
2018-10-29 | CVE-2016-10732 | Improper Authentication vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. | 9.8 |
2018-10-29 | CVE-2016-10733 | Path Traversal vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string. | 9.8 |
2018-10-29 | CVE-2016-10734 | Improper Authorization vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | 9.8 |
2017-06-18 | CVE-2017-9741 | Improper Input Validation vulnerability in Projectsend R754 install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | 9.8 |