CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28874

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2020-28874

Projectsend » Projectsend » Version: 100

cpe:2.3:a:projectsend:projectsend:100
Projectsend » Projectsend » Version: 102

cpe:2.3:a:projectsend:projectsend:102
Projectsend » Projectsend » Version: 105

cpe:2.3:a:projectsend:projectsend:105
Projectsend » Projectsend » Version: 1053

cpe:2.3:a:projectsend:projectsend:1053
Projectsend » Projectsend » Version: 1070

cpe:2.3:a:projectsend:projectsend:1070
Projectsend » Projectsend » Version: 110

cpe:2.3:a:projectsend:projectsend:110
Projectsend » Projectsend » Version: 155

cpe:2.3:a:projectsend:projectsend:155
Projectsend » Projectsend » Version: 156

cpe:2.3:a:projectsend:projectsend:156
Projectsend » Projectsend » Version: 157

cpe:2.3:a:projectsend:projectsend:157
Projectsend » Projectsend » Version: 161

cpe:2.3:a:projectsend:projectsend:161
Projectsend » Projectsend » Version: 180

cpe:2.3:a:projectsend:projectsend:180
Projectsend » Projectsend » Version: 335

cpe:2.3:a:projectsend:projectsend:335
Projectsend » Projectsend » Version: 375

cpe:2.3:a:projectsend:projectsend:375
Projectsend » Projectsend » Version: 405

cpe:2.3:a:projectsend:projectsend:405
Projectsend » Projectsend » Version: 412

cpe:2.3:a:projectsend:projectsend:412
Projectsend » Projectsend » Version: 514

cpe:2.3:a:projectsend:projectsend:514
Projectsend » Projectsend » Version: 559

cpe:2.3:a:projectsend:projectsend:559
Projectsend » Projectsend » Version: 561

cpe:2.3:a:projectsend:projectsend:561
Projectsend » Projectsend » Version: 582

cpe:2.3:a:projectsend:projectsend:582
Projectsend » Projectsend » Version: 753

cpe:2.3:a:projectsend:projectsend:753
Projectsend » Projectsend » Version: 754

cpe:2.3:a:projectsend:projectsend:754
Projectsend » Projectsend » Version: 756

cpe:2.3:a:projectsend:projectsend:756
Projectsend » Projectsend » Version: r1053

cpe:2.3:a:projectsend:projectsend:r1053
Projectsend » Projectsend » Version: r1070

cpe:2.3:a:projectsend:projectsend:r1070
Projectsend » Projectsend » Version: r1270

cpe:2.3:a:projectsend:projectsend:r1270
Projectsend » Projectsend » Version: r375

cpe:2.3:a:projectsend:projectsend:r375
Projectsend » Projectsend » Version: r405

cpe:2.3:a:projectsend:projectsend:r405
Projectsend » Projectsend » Version: r412

cpe:2.3:a:projectsend:projectsend:r412
Projectsend » Projectsend » Version: r514

cpe:2.3:a:projectsend:projectsend:r514
Projectsend » Projectsend » Version: r559

cpe:2.3:a:projectsend:projectsend:r559
Projectsend » Projectsend » Version: r561

cpe:2.3:a:projectsend:projectsend:r561
Projectsend » Projectsend » Version: r571

cpe:2.3:a:projectsend:projectsend:r571
Projectsend » Projectsend » Version: r572

cpe:2.3:a:projectsend:projectsend:r572
Projectsend » Projectsend » Version: r582

cpe:2.3:a:projectsend:projectsend:r582
Projectsend » Projectsend » Version: r609

cpe:2.3:a:projectsend:projectsend:r609
Projectsend » Projectsend » Version: r753

cpe:2.3:a:projectsend:projectsend:r753
Projectsend » Projectsend » Version: r754

cpe:2.3:a:projectsend:projectsend:r754
Projectsend » Projectsend » Version: r756

cpe:2.3:a:projectsend:projectsend:r756

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28874

Products

Pricing

Contact Us