28 November 2024

Critical bug in ProjectSend file-sharing software exploited in the wild


A critical security vulnerability affecting ProjectSend, an open-source file-sharing platform, is being actively exploited, according to cybersecurity firm VulnCheck.

The flaw, tracked as CVE-2024-11680, allows attackers to execute arbitrary PHP code on unpatched servers. The vulnerability was initially discovered by Synacktiv in January 2023 and described as an improper authorization check in ProjectSend version r1605, released in October 2022.

Although the issue was addressed in a commit in May 2023, an official patch wasn't made available until August 2024 with the release of version r1720. By November 26, 2024, the flaw was officially assigned identifier CVE-2024-11680.

VulnCheck has observed exploitation attempts by unknown threat actors targeting public-facing ProjectSend servers since September 2024. The attackers have leveraged exploit code released by Project Discovery and Rapid7 to compromise vulnerable systems. As part of the exploitation, the attackers enable the user registration feature to gain elevated privileges for further malicious activity.

An analysis of approximately 4,000 internet-exposed ProjectSend servers revealed that only 1% are running the patched version (r1750), leaving the vast majority vulnerable.

Users are strongly advised to update their systems as soon as possible to prevent exploitation of the flaw.

