module
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
| Disclosed |
|---|
| 2024-07-19 |
Disclosed
2024-07-19
Description
This module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605.
The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration,
disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration,
disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.