exploitDog

CVE-2023-53980

Опубликовано: 22 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.

Ссылки

https://www.exploit-db.com/exploits/51238
Exploit
Third Party Advisory
https://www.projectsend.org/
Product
https://www.vulncheck.com/advisories/projectsend-remote-code-execution-via-file-extension-manipulation
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/51238
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectsend:projectsend:r1605:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00343

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-9wx9-rprp-6rxh

CVSS3: 9.8

github

около 2 месяцев назад

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.

EPSS

Процентиль: 56%

0.00343

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434