SB2018102930 - Multiple vulnerabilities in ProjectSend

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018102930

SB2018102930 - Multiple vulnerabilities in ProjectSend

Published: October 29, 2018 Updated: November 9, 2020

Security Bulletin ID SB2018102930
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) SQL injection (CVE-ID: CVE-2016-10731)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action in ProjectSend (formerly cFTP) r582. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.


2) Improper Authentication (CVE-ID: CVE-2016-10732)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.


3) Path traversal (CVE-ID: CVE-2016-10733)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied passed via . A remote attacker can send a specially crafted HTTP request containing directory traversal sequences and read contents of arbitrary files on the system.


4) Improper Authorization (CVE-ID: CVE-2016-10734)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.


Remediation

Install update from vendor's website.

References