The vulnerability in ProjectSend, rated 9.8 on the CVSS scale, is serious because it allows remote attackers to exploit improper authentication and modify the application's configuration.
VulnCheck's analysis revealed that despite a patch for the critical vulnerability being available for over a year, 99% of ProjectSend instances remain unpatched and vulnerable.
Attackers exploiting CVE-2024-11680 could create new accounts, upload malicious files, and execute arbitrary PHP code, drastically compromising the application's security.
The severity of the situation is compounded by a recognized 'abysmal patch rate' in the community, reflecting a lack of urgency in addressing critical vulnerabilities.