Projectsend Projectsend
10 CVEs affecting Projectsend Projectsend. Latest disclosed: 2026-05-10. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-53980 | Critical | 9.8 | 2025-12-22 | ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can… |
| CVE-2024-11680 | Critical | 9.8 | 2024-11-26 | ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sendin… |
| CVE-2017-9741 | Critical | 9.8 | 2017-06-18 | install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFI… |
| CVE-2023-53905 | High | 8.0 | 2025-12-17 | ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can cr… |
| CVE-2023-53930 | High | 7.5 | 2025-12-17 | ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating th… |
| CVE-2021-47947 | Medium | 6.4 | 2026-05-10 | Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted in… |
| CVE-2023-53906 | Medium | 4.8 | 2025-12-17 | projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the cust… |
| CVE-2015-2564 | | | 2015-03-20 | SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the… |
| CVE-2014-9580 | | | 2015-01-08 | Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description… |
| CVE-2014-9567 | | | 2015-01-07 | Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP… |