CVE-2024-11680

ProjectSend Unauthenticated Configuration Modification

CVSS 9.8 CRITICAL · EPSS 91.6% · KEV · CWE-306
In short

ProjectSend before version r1720 allows anyone on the internet to change the application's settings without logging in. Attackers can create fake accounts, upload malicious files, and inject harmful code into the website.

Technical detail

A CWE-306 (missing authentication) flaw in options.php allows unauthenticated HTTP requests to modify the ProjectSend configuration. Pre-conditions: an unpatched version prior to r1720 reachable over the web. Impact includes unauthorized account creation, arbitrary file upload (webshells), and persistent JavaScript injection.

Summary generated and translated by AI from the official description.
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H