PT-2024-38487 · Unknown · Projectsend
Casp3R0X0 · Published 2024-08-11 · Updated 2024-08-15 · CVE-2024-7659
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ProjectSend versions up to r1605
Description
A vulnerability was found in the Password Reset Token Handler component of ProjectSend, specifically in the generate random string function in the file includes/functions.php. The function produces insufficiently random values, and the issue can be exploited remotely. The complexity of an attack is rather high, and exploitation is difficult.
Recommendations
For versions up to r1605, upgrade to version r1720 to address this issue. As a temporary workaround, consider restricting the use of the generate random string function in the Password Reset Token Handler until the upgrade is applied.
Fix
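The mitigation the advisory points at is to take reset tokens from a cryptographic source rather than a general-purpose random string helper. The following is an added illustration, not ProjectSend's own code: it places a constructed weak helper beside a hardened token handler, and assumes a `password_resets` table and a PDO handle (both assumptions).

```php
<?php
// Added example, not code from ProjectSend. Table and function names are assumed.
declare(strict_types=1);

// Constructed weak pattern, for contrast only: a string drawn from mt_rand()
// comes from a small, reconstructible generator state and is not suitable
// for secrets such as password reset tokens.
function generate_random_string_weak(int $length = 32): string
{
    $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    return $out;
}

// Hardened replacement: 32 bytes (256 bits) from random_bytes(), which throws
// when no cryptographic source is available instead of silently degrading.
function generate_reset_token(): string
{
    return bin2hex(random_bytes(32));
}

// Store only a hash of the token with an expiry, so a database read does not
// yield usable reset links. The raw token goes to the user once and is not logged.
function issue_reset_token(PDO $db, int $userId, int $ttlSeconds = 3600): string
{
    $token = generate_reset_token();
    $stmt = $db->prepare(
        'INSERT INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttlSeconds]);
    return $token;
}

// Look the record up by user, reject expired rows, and compare hashes with
// hash_equals() so the check runs in constant time.
function verify_reset_token(PDO $db, int $userId, string $presented): bool
{
    $stmt = $db->prepare(
        'SELECT token_hash, expires_at FROM password_resets WHERE user_id = ? LIMIT 1'
    );
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] < time()) {
        return false;
    }
    return hash_equals($row['token_hash'], hash('sha256', $presented));
}
```

A successful verification should also delete or invalidate the row so each token is single-use.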
Weakness Enumeration
Use of Insufficiently Random Values
Related Identifiers
Affected Products
Projectsend