Vulnerability Details CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2021-40887
-
cpe:2.3:a:projectsend:projectsend:r1295