CRITICAL🇬🇧 English

CVE-2016-10731

CVSS 9.8v3.0pub. 2018-10-29upd. 2024-11-21

ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Projectsend

    APP
    Projectsend
    582
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2024-11680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

ProjectSend – pominięcie uwierzytelnienia umożliwiające RCE (r<1720)

CVE-2021-40887CRITICAL9.8ten sam produkt

Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization ...

CVE-2016-10734CRITICAL9.8ten sam produkt

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.

CVE-2016-10733CRITICAL9.8ten sam produkt

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query...

CVE-2016-10732CRITICAL9.8ten sam produkt

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, ed...

CVE-2016-10731 — CRITICAL 9.8 | CVEbaza.pl