Description
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php.
References
- Exploit; Third Party Advisory
- Product
- Exploit; Third Party Advisory
- Exploit; Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:projectsend:projectsend:r1605:*:*:*:*:*:*:*
EPSS
Score: 0.00046 (percentile: 14%, Low)
CVSS3
7.5 High
Weaknesses
CWE-639
Related vulnerabilities
- GitHub advisory, CVSS3: 9.8, about 2 months ago