CVE-2024-11680

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 26, 2024
Updated: Dec 6, 2024
CWE ID 287
CWE ID 863

Summary

CVE-2024-11680 is a vulnerability affecting ProjectSend versions before r1720. This issue involves an improper authentication mechanism, allowing unauthenticated attackers to send crafted HTTP requests to the options.php file. By exploiting this flaw, adversaries can make unauthorized modifications to the application's configuration, including creating new accounts, uploading webshells, and embedding malicious JavaScript. Successful attacks may result in severe data breaches or even complete system compromise.
