Submit #385004: ProjectSend ProjectSend file sharing web application r1605 Authentication Bypass Issuesinfo

TitleProjectSend ProjectSend file sharing web application r1605 Authentication Bypass Issues
DescriptionProjectSend file sharing web application is generating the reset password token using rand PHP function which is predictable, this leads to unauthenticated Account Take Over for any user including administrator account.
Source⚠️ https://github.com/projectsend/projectsend/commit/aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17
User
 Casp3r0x0 (UID 64832)
Submission08/02/2024 12:47 (2 years ago)
Moderation08/10/2024 10:00 (8 days later)
StatusAccepted
VulDB entry274116 [projectsend up to r1605 Password Reset Token includes/functions.php generate_random_string random values]
Points16

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!