Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2017-20101)

Description

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

Remediation

References

Related Vulnerabilities

FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6112)

WordPress Plugin Featured Content 'param' Parameter Cross-Site Scripting (0.0.1)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-6932)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1817)

Severity

Medium

Classification

CVE-2017-20101 CWE-639 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities