Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2023-53980 - Vulnerability Database
ProjectSend

ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2023-53980

Critical
Reference: CVE-2023-53980
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53980
Title: ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.