CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53980

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.9%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.exploit-db.com/exploits/51238
https://www.projectsend.org/
https://www.vulncheck.com/advisories/projectsend-remote-code-execution-via-file-extension-manipulation
https://www.exploit-db.com/exploits/51238

Products affected by CVE-2023-53980

Projectsend » Projectsend » Version: r1605

cpe:2.3:a:projectsend:projectsend:r1605

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53980

Products

Pricing

Contact Us