ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
| Link | Tags |
|---|---|
| https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744 | patch |
| https://www.synacktiv.com/sites/default/files/2024-07/synacktiv-projectsend-multiple-vulnerabilities.pdf | mitigation third party advisory exploit technical description |
| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/projectsend_unauth_rce.rb | exploit |
| https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/projectsend-auth-bypass.yaml | third party advisory exploit |
| https://vulncheck.com/advisories/projectsend-bypass | third party advisory |