Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
ProjectSend Incorrect Authorization Vulnerability - CVE-2021-40884 - Vulnerability Database
ProjectSend

ProjectSend Incorrect Authorization Vulnerability - CVE-2021-40884

High
Reference: CVE-2021-40884
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-40884
Title: ProjectSend Incorrect Authorization Vulnerability
Overview:

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function a user with uploader role can download and edit all files of users in application.