PT-2026-30567 · Unknown · Projectsend
Aquanight
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-5624
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ProjectSend version r2002
Description
A security flaw has been discovered in ProjectSend r2002 affecting unknown code within the
upload.php file. A manipulation of this code results in cross-site request forgery, and the attack can be initiated remotely. The exploit has been released publicly.Recommendations
Upgrade to version r2029 to resolve this issue.
Fix
CSRF
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Projectsend