PT-2018-4898 · Projectsend · Projectsend

Published: 2018-10-28 · Updated: 2018-12-06 · CVE-2016-10732

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ProjectSend (formerly cFTP) version r582

Description: The issue allows authentication bypass through direct requests to specific files or parameters. This can be achieved by requesting "users.php", "home.php", "edit-file.php?file_id=1", or "process-zip-download.php" directly, or by adding "add_user_form_*" parameters to a request for "users-add.php".

Recommendations: For ProjectSend (formerly cFTP) version r582, as a temporary workaround, restrict direct access to the files "users.php", "home.php", "edit-file.php", and "process-zip-download.php" until a patch is available. Additionally, restrict the use of "add_user_form_*" parameters in "users-add.php" to minimize the risk of exploitation.
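While the workaround is being applied, the two bypass patterns named above can be picked out of web-server access logs. The following detector is an added example, not code from this advisory or from ProjectSend; it assumes the Apache/nginx "combined" log format, treats a 200 response on one of the listed scripts with no Referer as a direct request (a heuristic that needs correlation with login events, since an authenticated admin who bookmarked the page looks the same), and uses constructed log lines with made-up add_user_form_* parameter names.

```python
import re
from urllib.parse import urlparse, parse_qs

# Scripts that CVE-2016-10732 reports as reachable by direct request in
# ProjectSend r582, taken from the advisory text above.
DIRECT_ACCESS_SCRIPTS = {"users.php", "home.php", "edit-file.php",
                         "process-zip-download.php"}
USER_ADD_SCRIPT = "users-add.php"
INJECTED_PARAM_PREFIX = "add_user_form_"

# Apache/nginx "combined" format: the Referer is the quoted field that
# follows the status code and response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def classify(line):
    """Return a finding string for one access-log line, or None if unremarkable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    script = url.path.rsplit("/", 1)[-1]
    # Heuristic: a 200 on a protected script with no Referer means the page was
    # served to a direct request rather than reached by navigating inside the app.
    if (script in DIRECT_ACCESS_SCRIPTS and m.group("status") == "200"
            and m.group("referer") == "-"):
        return f"direct-access {script} from {m.group('ip')}"
    if script == USER_ADD_SCRIPT:
        params = parse_qs(url.query, keep_blank_values=True)
        injected = sorted(p for p in params if p.startswith(INJECTED_PARAM_PREFIX))
        if injected:
            return f"{USER_ADD_SCRIPT} with {','.join(injected)} from {m.group('ip')}"
    return None

def scan(lines):
    """Classify every line and return the findings in log order."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (not real traffic); addresses are documentation ranges
# and the add_user_form_* names are placeholders, not ProjectSend's real fields.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Oct/2018:10:01:02 +0000] "GET /users.php HTTP/1.1" 200 5120 "-" "curl/7.61"',
    '203.0.113.7 - - [28/Oct/2018:10:01:09 +0000] "GET /edit-file.php?file_id=1 HTTP/1.1" 200 3300 "-" "curl/7.61"',
    '203.0.113.7 - - [28/Oct/2018:10:01:15 +0000] "GET /users-add.php?add_user_form_level=9&add_user_form_username=x HTTP/1.1" 200 900 "-" "curl/7.61"',
    '198.51.100.4 - - [28/Oct/2018:10:02:00 +0000] "GET /users.php HTTP/1.1" 200 5120 "https://files.example.test/home.php" "Mozilla/5.0"',
    '198.51.100.4 - - [28/Oct/2018:10:02:05 +0000] "GET /home.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Once the workaround is in place, the listed scripts should answer direct requests with a redirect or 403 rather than 200, so the first rule doubles as a check that the restriction actually took effect.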

Weakness Enumeration

Improper Authentication

Related identifiers

CVE-2016-10732

Affected products

Projectsend