ID:10967 - Exploit for Improper Authentication in ProjectSend - CVE-2024-11680
Published: December 6, 2024
ProjectSend
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a missing authorization check in the options.php file. A remote unauthenticated attacker can send a specially crafted HTTP request to the application and modify its configuration, which can lead to malicious file uploads and remote code execution.