PT-2026-25004 · Undefined · Undefined
0Xnayel
+1
·
Published
2026-03-12
·
Updated
2026-03-30
·
CVE-2026-4045
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
projectsend versions prior to r1946
Description
A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the
includes/Classes/Auth.php file. Manipulating the ldap email argument can cause an observable discrepancy in the response. The attack can be executed remotely and is associated with a high level of complexity. The exploit has been published. The vendor was contacted regarding this issue but did not respond.Recommendations
Update projectsend to version r1946 or later.
Exploit
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined