Unrestricted File Upload in ProjectSend by the ProjectSend Vendor
CVE-2014-9567
Currently unrated
What is CVE-2014-9567?
An unrestricted file upload vulnerability in the 'process-upload.php' script of ProjectSend enables remote attackers to upload files with executable PHP extensions. By exploiting this flaw, an attacker can execute arbitrary PHP code on the server. This vulnerability arises from inadequate validation of uploaded files, allowing malicious files to be stored in directories such as 'upload/files/' or 'upload/temp/', which can then be accessed directly to compromise the integrity and security of the affected system.
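An added audit example, not part of the original advisory or of ProjectSend's code: it walks the two upload directories named above and flags stored files whose names carry an extension that could be handled as PHP. The extension list, the function names `classify`, `audit` and `demo`, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: extensions often mapped to the PHP handler; match your server config.
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
# Directories named in the CVE description, relative to the ProjectSend root.
UPLOAD_DIRS = ("upload/files", "upload/temp")

def classify(name):
    """'final': last extension is PHP; 'embedded': an inner one is (x.php.jpg)."""
    parts = name.lower().split(".")[1:]
    if parts and parts[-1] in PHP_EXTS:
        return "final"
    # Inner PHP extensions matter when the web server honours multiple extensions.
    if any(p in PHP_EXTS for p in parts[:-1]):
        return "embedded"
    return None

def audit(root):
    """Walk the upload directories under root and list suspicious files."""
    findings = []
    for rel in UPLOAD_DIRS:
        base = Path(root) / rel
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            for fname in files:
                kind = classify(fname)
                if kind:
                    path = Path(dirpath, fname).relative_to(root).as_posix()
                    findings.append((path, kind))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp dir and audit it."""
    sample = ["upload/files/report.pdf", "upload/files/x.PHP",
              "upload/temp/a.phtml", "upload/temp/img.php.jpg", "docs/index.php"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text("constructed sample")
        return audit(root)

if __name__ == "__main__":
    for path, kind in demo():
        print(f"{kind:9} {path}")
```

Any hit under these directories on a real installation warrants review of the file's contents, its upload time and the web server access log entries for that path.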
References
EPSS Score
8% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved