Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
projectsend process.php get_preview resource injection
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对资源描述符的控制不恰当(资源注入)
Vulnerability Title
ProjectSend 安全漏洞
Vulnerability Description
ProjectSend(前称cFTP)是ProjectSend开源的一套基于PHP和MySQL的自托管应用程序。 ProjectSend r1605之前版本存在安全漏洞,该漏洞源于文件process.php的函数get_preview会导致对资源标识符的控制不当。
CVSS Information
N/A
Vulnerability Type
N/A