CVE-2024-7659

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 15, 2024
CWE ID 330

Summary

CVE-2024-7659 is a vulnerability identified in projectsend up to version r1605. The issue lies in the generate_random_string function of includes/functions.php in the Password Reset Token Handler component. This vulnerability results in insufficiently random values, making it possible for remote attackers to exploit. However, the complexity of an attack is high and the exploitability is described as difficult. Upgrading to version r1720 is recommended to remedy this issue, with the patch named aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is strongly advised to upgrade the affected component promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share