Security Advisory

CVE-2023-53930

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-17 22:44:57
Last updated 2026-04-07 14:07:51
Assigner VulnCheck
State PUBLISHED

Description

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any users private files by changing the id parameter in the download request to process.php.