CVE-2024-11680: ProjectSend Improper Authentication Vulnerability.
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to modify the application's configuration without authorization via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
- CISA KEV-listed (remediation due 2024-12-24)
- EPSS 93.5% (99.8th percentile)