Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

projectSend — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in projectSend, with AI-generated Chinese analysis, references, and POCs.

This page documents security weaknesses associated with ProjectSend, a popular PHP-based file sharing and management system. It aggregates vulnerability data related to common weakness types such as cross-site scripting, unauthorized file access, and injection flaws that affect the application’s integrity and confidentiality. The content covers known issues reported from the project's early releases through to the most recent stable versions, ensuring a comprehensive historical record of security incidents. Here, users can track vendor advisories and patches released by the ProjectSend team to mitigate identified risks. Readers can also gain a deeper understanding of specific weakness classes by examining how they manifest within this particular software ecosystem, including code examples and exploitation contexts where available. Additionally, individuals can look up the vulnerability history of ProjectSend to assess the severity and prevalence of past exploits. This resource serves as a reference for security professionals, developers, and system administrators who need to evaluate the risk profile of the application. By consolidating these details in one location, the page facilitates better decision-making regarding updates, mitigations, and architectural reviews. The information provided is based on publicly available reports and official vendor notifications, ensuring accuracy and reliability for threat modeling and compliance auditing purposes.

Vendor: unspecified

CVE IDTitleCVSSSeverityPublished
CVE-2021-47947 Projectsend r1295 Stored Cross-Site Scripting via files-edit.php CWE-79 6.4 Medium2026-05-10
CVE-2026-5624 ProjectSend upload.php cross-site request forgery CWE-352 4.3 Medium2026-04-06
CVE-2026-4045 projectsend Auth.php response discrepancy CWE-204 3.7 Low2026-03-12
CVE-2026-4044 projectsend Delete import-orphans.php realpath path traversal CWE-22 3.8 Low2026-03-12
CVE-2026-3977 projectsend AJAX Endpoints authorization CWE-862 6.3 Medium2026-03-12
CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation CWE-434 9.8 Critical2025-12-22
CVE-2023-53930 ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability CWE-639 7.5 High2025-12-17
CVE-2023-53905 ProjectSend r1605 CSV Injection via User Account Export Functionality CWE-1236 8.0 High2025-12-17
CVE-2023-53906 ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page CWE-79 4.8 Medium2025-12-17
CVE-2025-13232 projectsend File Editor/Custom Download Aliases cross site scripting CWE-79 3.5 Low2025-11-16
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification CWE-306 9.8 Critical2024-11-26
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values CWE-330 3.7 Low2024-08-11
CVE-2024-7658 projectsend process.php get_preview resource injection CWE-99 5.3 Medium2024-08-11
CVE-2017-20101 ProjectSend information disclosure CWE-200 3.5 Low2022-06-27

All 14 known CVE vulnerabilities affecting projectSend with full Chinese analysis, references, and POCs where available.