ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to modify the application's configuration without authorization via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
PoC: CVE-2024-11680
CVE-2024-11680: Improper Authentication (CWE-287)
PoC: CVE-2024-11680_PoC_Exploit
This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.
PoC: CVE-2024-11680
This repository contains a proof-of-concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and earlier versions. The exploit is aimed at incorrect authentication due to problems with incorrect privilege settings and command injection.