CVE-2021-40884
Published
CVSS v3
8.1
HIGH
CVSS v2
5.5
MEDIUM
Affected
1
PROJECT
Description
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.
ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple languages, detailed logs... and much more!
GitHub