VYPR
Unrated severityOSV Advisory· Published Dec 22, 2025· Updated Mar 5, 2026

ProjectSend r1605 Remote Code Execution via File Extension Manipulation

CVE-2023-53980

Description

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Stable, r1053, r1070, …+ 1 more
    • (no CPE)range: Stable, r1053, r1070, …
    • (no CPE)range: = r1605

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.