Security Advisory
CVE-2023-53930
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any users private files by changing the id parameter in the download request to process.php.