CVE-2024-11680CISA KEV: Actively Exploited

ProjectSend Improper Authentication Vulnerability

Published Dec 3, 2024·Updated Dec 3, 2024

Description

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

Public Exploits & PoCs3 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free