| Title | ProjectSend ProjectSend file sharing web application r1605 Insecure direct object references |
|---|---|
| Description | ProjectSend file sharing web application before and including version r1605 is vulnerable to an unauthenticated IDOR that leads to a leak of the full URL for the image thumbnails if the uploaded file is an image, which means an unauthenticated attacker could be able to see secret images in the system. |
| Source | ⚠️ https://github.com/projectsend/projectsend/commit/eb5a04774927e5855b9d0e5870a2aae5a3dc5a08 |
| User | Casp3r0x0 (UID 64832) |
| Submission | 02/08/2024 12:41 PM (2 years ago) |
| Moderation | 10/08/2024 10:00 AM (8 days later) |
| Status | Accepted |
| VulDB Entry | 274115 [projectsend up to r1605 process.php get_preview authorization bypass] |
| Points | 17 |