Unrestricted File Upload in ProjectSend by the ProjectSend Vendor
CVE-2014-9567

Currently unrated

Key Information:

Vendor

Projectsend

Status
Projectsend
Vendor
CVE Published:
7 January 2015

What is CVE-2014-9567?

An unrestricted file upload vulnerability in the 'process-upload.php' script of ProjectSend enables remote attackers to upload files with executable PHP extensions. By exploiting this flaw, an attacker can execute arbitrary PHP code on the server. This vulnerability arises from inadequate validation of uploaded files, allowing malicious files to be stored in directories such as 'upload/files/' or 'upload/temp/', which can then be accessed directly to compromise the integrity and security of the affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.exploit-db.com/exploits/35424
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/129759/ProjectSend-A...
x_refsource_MISC
http://www.exploit-db.com/exploits/35660
exploitx_refsource_EXPLOIT-DB

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.