zCat on Nostr: ProjectSend Vulnerability Exploited in the Wild Threat actors are likely exploiting ...
ProjectSend Vulnerability Exploited in the Wild
Threat actors are likely exploiting ProjectSend servers unpatched against a vulnerability that was publicly disclosed roughly a year and a half ago, VulnCheck warns.
An open source application written in PHP, ProjectSend is designed for file sharing, enabling users to create client groups, assign user roles, and access statistics, detailed logs, notifications, and more.
The exploited issue, tracked as CVE-2024-11680 (CVSS score of 9.8), is described as an improper authentication vulnerability that could allow remote, unauthenticated attackers to modify the application’s configuration.
Attackers could send crafted HTTP requests to the options[.]php endpoint to create rogue accounts, upload webshells, and potentially embed malicious JavaScript code, a NIST advisory reads.
See more: https://www.securityweek.com/projectsend-vulnerability-exploited-in-the-wild/
#cybersecurity #php