PT-2024-38486 · Unknown · Projectsend

Casp3R0X0 +1 · Published 2024-08-11 · Updated 2025-01-13 · CVE-2024-7658

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ProjectSend versions up to r1605

Description

A vulnerability has been found in ProjectSend, affecting the get preview function of the process.php file. This issue leads to improper control of resource identifiers and can be initiated remotely. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations

For ProjectSend versions up to r1605, upgrade to version r1720 to address this issue. As a temporary workaround, consider disabling the get preview function of the process.php file until the patch is applied. Restrict access to the process.php file to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-7658

Affected Products

Projectsend