Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2023-53930 - Vulnerability Database
ProjectSend

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2023-53930

High
Reference: CVE-2023-53930
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53930
Title: ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability
Overview:

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user39s private files by changing the 39id39 parameter in the download request to process.php.