← back
CVE-2019-11378

CVE-2019-11378

EPSS 3.6%
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/projectsend/projectsend/issues/700http://www.securityfocus.com/bid/108069