Back

CVE-2024-7658

Aug. 12, 2024, 1:41 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

projectsend

  • up to r1605

Source

cna@vuldb.com

Tags

cna@vuldb.com
CWE-99
2024-08-12
CVE-2024-7658

CVE-2024-7658 details

Published : Aug. 12, 2024, 1:38 p.m.
Last Modified : Aug. 12, 2024, 1:41 p.m.

Description

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component.

CVSS Score

1 2 3 4 5.3 6 7 8 9 10

Weakness

Weakness Name Description
CWE-99 Improper Control of Resource Identifiers ('Resource Injection') The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Exploitability Score

3.9

Impact Score

1.4

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

URL Source
https://github.com/projectsend/projectsend/commit/eb5a04774927e5855b9d0e5870a2aae5a3dc5a08 cna@vuldb.com
https://github.com/projectsend/projectsend/releases/tag/r1720 cna@vuldb.com
https://vuldb.com/?ctiid.274115 cna@vuldb.com
https://vuldb.com/?id.274115 cna@vuldb.com
https://vuldb.com/?submit.385000 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.