CVE-2023-53930

High CVSS: 7.1

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php.

Vendor

Projectsend

Product

Projectsend

CWE

CWE-639

Yayın Tarihi

2025-12-17 23:15:52

Güncelleme

2025-12-27 17:15:44

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-639 Projectsend HIGH Projectsend 2025

Referanslar

https://www.exploit-db.com/exploits/51400 https://www.projectsend.org/ https://www.vulncheck.com/advisories/projectsend-insecure-direct-object-reference-file-download-vulnerability https://www.exploit-db.com/exploits/51400

Benzer Kayıtlar

High

CVE-2023-53980

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by mani…

Medium

CVE-2023-53905

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas in…

Medium

CVE-2023-53906

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to injec…