SQL Injection in ProjectSend
CVE-2015-2564
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
Vulnerability class: SQL Injection
EPSS: 0.043 (89.1th percentile)
Affected products
- ProjectSend — versions 561
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- 36303 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- 20150305 ProjectSend r561 - SQL injection vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)
- 20150310 ProjectSend r561 - SQL injection vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 119169 (x_refsource_OSVDB, vdb-entry)