2025-12-17 22:44:57
VulnCheck
PUBLISHED
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any users private files by changing the id parameter in the download request to process.php.