ProjectSend · CVE-2019-11378
**Name of the Vulnerable Software and Affected Versions**
ProjectSend version r1053
**Description**
A directory traversal issue was discovered in the upload-process-form.php file. It potentially enables users to read arbitrary files, access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
**Recommendations**
To prevent directory traversal attacks against ProjectSend version r1053, consider restricting access to the upload-process-form.php file until a patch is available. As a temporary workaround, limit users' ability to upload files to prevent potential exploitation.