CVE-2024-7658
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-7658 is a recently identified vulnerability affecting projectsend up to version r1605. The issue lies within the get_preview function in the file process.php, which enables an attacker to manipulate resource identifiers, resulting in improper resource control. This weakness can be exploited remotely, posing a significant security risk. Upgrading to projectsend version r1720 is advised to mitigate this vulnerability, with the patch identified as eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is strongly recommended to update the affected component as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- ProjectSend
Affected Vendors
- Projectsend