threatengine.sh
Product: projectsend
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-53980
all versions
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating f
9.8
CRITICAL
CVE-2023-53930
all versions
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download pri
7.5
HIGH
CVE-2023-53906
all versions
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject maliciou
4.8
MEDIUM
CVE-2023-53905
all versions
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user pr
8.0
HIGH
CVE-2024-11680
< r1720
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers ca
9.8
CRITICAL
CVE-2024-7659
< r1720
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_rand
3.7
LOW
CVE-2024-7658
< r1720
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function g
5.3
MEDIUM
CVE-2023-0607
< r1606
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.
4.8
MEDIUM
CVE-2017-20101
all versions
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file proc
3.5
LOW
CVE-2021-40888
all versions
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFil
5.4
MEDIUM
CVE-2021-40887
all versions
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] pa
9.8
CRITICAL
CVE-2021-40886
all versions
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for `chu
6.5
MEDIUM
CVE-2021-40884
all versions
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter
8.1
HIGH
CVE-2020-28874
< r1295
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Er
7.5
HIGH
CVE-2018-7201
< 1053
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
8.8
HIGH
CVE-2018-7202
< r1053
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
6.1
MEDIUM
CVE-2019-11533
< 1070
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTM
6.1
MEDIUM
CVE-2019-11492
< 1070
ProjectSend before r1070 writes user passwords to the server logs.
7.5
HIGH
CVE-2019-11378
all versions
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possi
8.8
HIGH
CVE-2016-10734
all versions
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
9.8
CRITICAL
CVE-2016-10733
all versions
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
9.8
CRITICAL
CVE-2016-10732
all versions
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=
9.8
CRITICAL
CVE-2016-10731
all versions
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php wit
9.8
CRITICAL
CVE-2017-9786
<= r754
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca all
6.1
MEDIUM
CVE-2017-9783
<= r754
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca all
6.1
MEDIUM
CVE-2017-9741
all versions
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, rela
9.8
CRITICAL
CVE-2015-2564
all versions
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute ar
CVE-2014-9580
all versions
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web scrip
CVE-2014-9567
all versions
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attack
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin