vendor: ProjectSend
by: Fady Mohamed Osman
CVSS: 7.5 HIGH
File Upload
CWE: 434
Product Name: ProjectSend
Affected Version From: r-561
Affected Version To: r-651
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Kubuntu 14.10 x64
2014
ProjectSend r-651 File Upload
This exploit allows an attacker to upload a file to a vulnerable instance of ProjectSend r-651. By sending a specially crafted request to the 'process-upload.php' script, an attacker can upload arbitrary files to the server.
Mitigation:
Update to a patched version of ProjectSend or implement proper file upload validation and security measures.