Описание
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:projectsend:projectsend:100:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:102:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:105:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:110:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:155:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:156:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:157:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:161:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:180:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:335:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:375:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:405:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:412:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:514:*:*:*:*:*:*:*
cpe:2.3:a:projectsend:projectsend:561:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.82894
Высокий
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
EPSS
Процентиль: 99%
0.82894
Высокий
7.5 High
CVSS2
Дефекты
CWE-94