PT-2026-24917 · Git · Projectsend

Lighthousekeeper1212

Publicado

2026-03-12

Atualizado

2026-03-12

CVE-2026-3977

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions projectsend versions prior to r1946

Description A security issue has been identified in projectsend related to the AJAX Endpoints component. The problem involves a missing authorization check within an unknown function of this component, allowing for remote exploitation. The manipulation of the AJAX Endpoints component can lead to unauthorized access. The patch identifier for this issue is 35dfd6f08f7d517709c77ee73e57367141107e6b.

Recommendations Deploy the patch with identifier 35dfd6f08f7d517709c77ee73e57367141107e6b.

Correção

Missing Authorization

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-863

Identificadores relacionados

CVE-2026-3977

Produtos afetados

Projectsend

PT-2026-24917 · Git · Projectsend

CVE-2026-3977

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13