Vulnerabilities > Projectsend > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-7659 | Use of Insufficiently Random Values vulnerability in Projectsend A vulnerability, which was classified as problematic, was found in projectsend up to r1605. | 7.5 |
| 2018-10-29 | CVE-2016-10734 | Improper Authorization vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | 7.5 |
| 2018-10-29 | CVE-2016-10733 | Path Traversal vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string. | 7.5 |
| 2018-10-29 | CVE-2016-10732 | Improper Authentication vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. | 7.5 |
| 2018-10-29 | CVE-2016-10731 | SQL Injection vulnerability in Projectsend 582 ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action. | 7.5 |
| 2017-06-18 | CVE-2017-9741 | Improper Input Validation vulnerability in Projectsend R754 install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | 7.5 |
| 2015-01-07 | CVE-2014-9567 | Code Injection vulnerability in Projectsend Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. | 7.5 |