VYPR
Unrated severityOSV Advisory· Published Apr 20, 2019· Updated Aug 4, 2024

CVE-2019-11378

CVE-2019-11378

Description

An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • r1053, r559, r753, …+ 1 more
    • (no CPE)range: r1053, r559, r753, …
    • (no CPE)range: r1053

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.