Unrated severityOSV Advisory· Published Dec 22, 2025· Updated Mar 5, 2026
ProjectSend r1605 Remote Code Execution via File Extension Manipulation
CVE-2023-53980
Description
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Stable, r1053, r1070, …+ 1 more
- (no CPE)range: Stable, r1053, r1070, …
- (no CPE)range: = r1605
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/51238mitreexploit
- www.vulncheck.com/advisories/projectsend-remote-code-execution-via-file-extension-manipulationmitrethird-party-advisory
- www.projectsend.orgmitreproduct
News mentions
0No linked articles in our index yet.