COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-11680

CVE-2024-11680

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-12-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-11680
⌖ exploited in the wild shame 50/100 exploited-in-wild

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create account

Players implicated

ProjectSend · vendorProjectSend · product

Description

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.