Metrics
Affected Vendors & Products
Fri, 06 Dec 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 |
Tue, 03 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Tue, 03 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
ssvc
|
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Projectsend
Projectsend projectsend |
|
CPEs | cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:* | |
Vendors & Products |
Projectsend
Projectsend projectsend |
|
Metrics |
ssvc
|
Tue, 26 Nov 2024 10:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | |
Title | ProjectSend Unauthenticated Configuration Modification | |
Weaknesses | CWE-287 | |
References |
|
|
Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-11-26T09:55:23.588Z
Updated: 2024-12-06T04:55:28.192Z
Reserved: 2024-11-25T15:03:30.218Z
Link: CVE-2024-11680
Updated: 2024-11-26T14:19:04.072Z
Status : Analyzed
Published: 2024-11-26T10:15:04.540
Modified: 2024-12-06T18:42:17.390
Link: CVE-2024-11680
No data.