PT-2019-12269 · Projectsend · Projectsend

Lmsilva · Published 2019-04-20 · Updated 2021-07-21 · CVE-2019-11378

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ProjectSend version r1053

Description

An issue was discovered that allows directory traversal through the upload-process-form.php file, potentially enabling users to read arbitrary files, access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.

Recommendations

For ProjectSend version r1053, consider restricting access to the upload-process-form.php file until a patch is available to prevent directory traversal attacks. As a temporary workaround, limit the ability of users to upload files to prevent potential exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-11378

Affected Products

Projectsend