File Management

ProjectSend

ProjectSend (previously cFTP) is a clients-oriented file uploading utility. Clients are created and assigned a username and a password. Then you can upload as much files as you want under each account with the ability to add a title and description to each one. ProjectSend provides easy and secure multi-file uploading and unlimited file size on ANY server Even on common hostings shared accounts.

Official Site:

https://www.projectsend.org

Severity Summary:

Critical: 3 High: 6 Medium: 9

Reference

Title

Severity

CVE-2024-11680

ProjectSend Incorrect Authorization Vulnerability

Critical

CVE-2017-9741

ProjectSend Improper Input Validation Vulnerability

Critical

CVE-2021-40887

ProjectSend Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

Critical

CVE-2018-7201

ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability

High

CVE-2024-7659

ProjectSend Use of Insufficiently Random Values Vulnerability

High

CVE-2020-28874

ProjectSend Improper Privilege Management Vulnerability

High

CVE-2019-11492

ProjectSend Insertion of Sensitive Information into Log File Vulnerability

High

CVE-2021-40884

ProjectSend Incorrect Authorization Vulnerability

High

CVE-2019-11378

ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability

High

CVE-2024-7658

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability

Medium

CVE-2019-11533