SQL Injection Vulnerability in ProjectSend by Itas
CVE-2015-2564

Currently unrated

Key Information:

Vendor: Projectsend
Status: Projectsend
Vendor: CVE Published:; 20 March 2015

What is CVE-2015-2564?

An SQL injection vulnerability exists in the client-edit.php script of ProjectSend r561. This flaw allows remote authenticated users to execute arbitrary SQL commands through improper validation of the 'id' parameter in users-edit.php. Exploitation of this vulnerability could lead to unauthorized data access and manipulation, posing significant security risks to affected instances.

References

http://www.itas.vn/news/itas-team-found-out-a-SQL-Injecti...

x_refsource_MISC

http://www.exploit-db.com/exploits/36303

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/130691/ProjectSend-r...

x_refsource_MISC

Timeline

Vulnerability published
Mar 20, 2015
Vulnerability Reserved
Mar 20, 2015

Projectsend

What is CVE-2015-2564?

References

Timeline