CRITICAL🇬🇧 English

CVE-2016-10732

CVSS 9.8v3.0pub. 2018-10-29upd. 2024-11-21

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Projectsend

    APP
    Projectsend
    582
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-11680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

ProjectSend – pominięcie uwierzytelnienia umożliwiające RCE (r<1720)

CVE-2021-40887CRITICAL9.8ten sam produkt

Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization ...

CVE-2016-10734CRITICAL9.8ten sam produkt

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

CVE-2016-10733CRITICAL9.8ten sam produkt

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query...

CVE-2016-10731CRITICAL9.8ten sam produkt

ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, ...