Vulnerabilities > Projectsend > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7659 Use of Insufficiently Random Values vulnerability in Projectsend
A vulnerability, which was classified as problematic, was found in projectsend up to r1605.
network
low complexity
projectsend CWE-330
7.5
2018-10-29 CVE-2016-10734 Improper Authorization vulnerability in Projectsend 582
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
network
low complexity
projectsend CWE-285
7.5
2018-10-29 CVE-2016-10733 Path Traversal vulnerability in Projectsend 582
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
network
low complexity
projectsend CWE-22
7.5
2018-10-29 CVE-2016-10732 Improper Authentication vulnerability in Projectsend 582
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
network
low complexity
projectsend CWE-287
7.5
2018-10-29 CVE-2016-10731 SQL Injection vulnerability in Projectsend 582
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
network
low complexity
projectsend CWE-89
7.5
2017-06-18 CVE-2017-9741 Improper Input Validation vulnerability in Projectsend R754
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
network
low complexity
projectsend CWE-20
7.5
2015-01-07 CVE-2014-9567 Code Injection vulnerability in Projectsend
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
network
low complexity
projectsend CWE-94
7.5