Security Advisory

CVE-2019-11378

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-20 14:51:46

Last updated 2024-08-04 22:48:09

Assigner mitre

State PUBLISHED

Description

An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.

← Browse all CVEs View on cve.org ↗