CVE-2016-10733

CVE-2016-10733

EPSS 2.1%

ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/sandboxescape/ProjectSend-multiple-vulnerabilities/