Projectsend · Projectsend · CVE-2015-2564
**Name of the Vulnerable Software and Affected Versions**
ProjectSend (formerly cFTP) version r561
**Description**
The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `id` parameter to the "users-edit.php" endpoint.
**Recommendations**
For version r561, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "users-edit.php" endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.