Unrated severityOSV Advisory· Published Apr 20, 2019· Updated Aug 4, 2024
CVE-2019-11378
CVE-2019-11378
Description
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2r1053, r559, r753, …+ 1 more
- (no CPE)range: r1053, r559, r753, …
- (no CPE)range: r1053
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/108069mitrevdb-entryx_refsource_BID
- github.com/projectsend/projectsend/issues/700mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.