Vulnerabilities > Projectsend > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7659 Use of Insufficiently Random Values vulnerability in Projectsend
A vulnerability, which was classified as problematic, was found in projectsend up to r1605.
network
low complexity
projectsend CWE-330
7.5
2021-10-11 CVE-2021-40884 Missing Authorization vulnerability in Projectsend R1295
Projectsend version r1295 is affected by sensitive information disclosure.
network
low complexity
projectsend CWE-862
8.1
2021-01-26 CVE-2020-28874 Improper Resource Shutdown or Release vulnerability in Projectsend
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic.
network
low complexity
projectsend CWE-404
7.5
2019-05-22 CVE-2018-7201 Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
network
low complexity
projectsend CWE-1236
8.8
2019-04-26 CVE-2019-11492 Information Exposure Through Log Files vulnerability in Projectsend
ProjectSend before r1070 writes user passwords to the server logs.
network
low complexity
projectsend CWE-532
7.5
2019-04-20 CVE-2019-11378 Path Traversal vulnerability in Projectsend R1053
An issue was discovered in ProjectSend r1053.
network
low complexity
projectsend CWE-22
8.8