CVE-2014-9567 in ProjectSendinfo

Summary

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

01/07/2015

Disclosure

01/07/2015

Moderation

VulDB entry created

Entries

1: VDB-73520

CPE

ready

CWE

CWE-94 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.82894

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-9567
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-9567
CVE Details	https://www.cvedetails.com/cve/CVE-2014-9567/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!