WordPress · Sp Project & Document Manager · CVE-2026-10737
**Name of the Vulnerable Software and Affected Versions**
SP Project & Document Manager versions prior to 4.72
**Description**
Unauthorized access is possible due to a missing capability check in the `view file()` function. Unauthenticated attackers can read file metadata and obtain download links for arbitrary files stored within project folders on the server, potentially exposing sensitive information. The issue stems from an authorization gate that uses a negated nonce check OR-chained with permission checks; consequently, a missing or invalid nonce causes the condition to evaluate to true, bypassing capability and ownership checks. A secondary fallback check only restricts access to root-level files where `pid` is 0, leaving files in project folders exposed when a valid file ID is provided in a POST request to the `admin-ajax.php` endpoint.
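To make the flawed gate concrete, the following is an added, constructed PHP illustration of the pattern the description lays out (a negated nonce check OR-chained with permission checks, then a `pid` fallback) beside a fail-closed form; it is not the plugin's code. It assumes it runs inside WordPress, and the handler names, the nonce action `example_view_file`, the `manage_options` capability choice and the in-memory file table are assumptions made for the example.

```php
<?php
// Constructed illustration (not the plugin's code) of the gate described above.
// Assumes WordPress is loaded; handler names, nonce action and file table are invented.

// Constructed sample file table: pid 0 = root-level file, pid > 0 = project folder.
function example_get_file( $id ) {
    $files = array(
        1 => (object) array( 'pid' => 0, 'owner_id' => 2, 'name' => 'root.pdf',    'url' => '/uploads/root.pdf' ),
        2 => (object) array( 'pid' => 7, 'owner_id' => 2, 'name' => 'budget.xlsx', 'url' => '/uploads/p7/budget.xlsx' ),
    );
    return isset( $files[ $id ] ) ? $files[ $id ] : null;
}

// VULNERABLE pattern: "!nonce || cap || owner". A missing or invalid nonce makes
// the first term true, so the capability and ownership terms are never evaluated.
function example_view_file_vulnerable() {
    $file_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $nonce   = isset( $_POST['_wpnonce'] ) ? sanitize_text_field( $_POST['_wpnonce'] ) : '';
    $file    = example_get_file( $file_id );
    if ( ! wp_verify_nonce( $nonce, 'example_view_file' )
         || current_user_can( 'manage_options' )
         || ( $file && (int) $file->owner_id === get_current_user_id() ) ) {
        // Secondary fallback: refuses only root-level files (pid == 0), so every
        // file inside a project folder is returned, even to an unauthenticated caller.
        if ( ! $file || (int) $file->pid === 0 ) {
            wp_send_json_error( 'restricted', 403 );
        }
        wp_send_json_success( array( 'name' => $file->name, 'url' => $file->url ) );
    }
    wp_send_json_error( 'forbidden', 403 );
}
add_action( 'wp_ajax_nopriv_example_view_file', 'example_view_file_vulnerable' ); // reachable via admin-ajax.php without login

// HARDENED: fail closed. The nonce check cannot be short-circuited, and the
// caller must be logged in and be either the file owner or an administrator.
function example_view_file_hardened() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_view_file', '_wpnonce' ); // dies on a missing or bad nonce
    $file = example_get_file( isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0 );
    if ( ! $file ) {
        wp_send_json_error( 'not found', 404 );
    }
    $is_owner = ( (int) $file->owner_id === get_current_user_id() );
    if ( ! $is_owner && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success( array( 'name' => $file->name, 'url' => $file->url ) );
}
```

The hardened handler should be registered only on the logged-in `wp_ajax_` hook, not `wp_ajax_nopriv_`, so that the endpoint is never reachable from `admin-ajax.php` without a session.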
**Recommendations**
Update to a version later than 4.71.
As a temporary workaround, restrict access to the `admin-ajax.php` endpoint or the `view file()` function to minimize the risk of exploitation.