Description

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.

Remediation

References

CVE-2017-20101

Related Vulnerabilities

MySQL CVE-2022-21335 Vulnerability (CVE-2022-21335)

WordPress Plugin Autoship Cloud PHP Object Injection (1.0.13)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Security Bypass (2.3.2.1)

Atlassian Jira Observable Discrepancy Vulnerability (CVE-2020-4028)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Vulnerabilities (4.1.2)

Severity

Medium

Classification

CVE-2017-20101 CWE-639 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities