- Description
- ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- ProjectSend Improper Authentication Vulnerability
- Exploit added on
- Dec 3, 2024
- Exploit action due
- Dec 24, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
🔴 Critical RCE Vulnerability in ProjectSend (#CVE-2024-11680): https://t.co/8rIvMzh25K
@dailycve
30 Dec 2024
A critical vulnerability (CVE-2024-11680) has been discovered in the ProjectSend product. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/I2bCV6glf8
@CERTAzerbaijan
27 Dec 2024
🔴 ProjectSend, Improper Authentication Vulnerability, #CVE-2024-11680 (Critical) https://t.co/7QHWb1yBhK
@dailycve
7 Dec 2024
CISA Warns of Exploitation of Flaws in ProjectSend, CyberPanel, and Zyxel: CVE-2024-51378 CVE-2023-45727 CVE-2024-11680 CVE-2024-11667 CVE-2024-45841 CVE-2024-47133 CVE-2024-52564 https://t.co/qerETOTK91
@vault33org
5 Dec 2024
GitHub - D3N14LD15K/CVE-2024-11680_PoC_Exploit: This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. https://t.co/CzDBdIqCFB
@piedpiper1616
4 Dec 2024
🚨Proof of Concept (PoC) Exploit for CVE-2024-11680, Critical Vulnerability in ProjectSend https://t.co/psZGXDwDCQ
@DarkWebInformer
4 Dec 2024
CVE-2024-11667 is getting exploited #inthewild. Find out more at https://t.co/3DJJRw40Uh CVE-2024-11680 is getting exploited #inthewild. Find out more at https://t.co/fRRrITY2ke CVE-2023-45727 is getting exploited #inthewild. Find out more at https://t.co/qiH2XzNI4L
@inthewildio
4 Dec 2024
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024-11680 ProjectSend Improper… htt
@johnmstark
3 Dec 2024
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-11680 #ProjectSend Improper Authentication Vulnerability https://t.co/G2FoZjd4d2
@ScyScan
3 Dec 2024
🔴 ProjectSend, Improper Authentication, #CVE-2024-11680 (Critical) - Critical https://t.co/XTKHiaFPlD
@dailycve
3 Dec 2024
CISA Adds Three Known Exploited Vulnerabilities to Catalog: CVE-2024-11667 - Zyxel Multiple Firewalls Path Traversal CVE-2024-11680 - ProjectSend Improper Authentication CVE-2023-45727 - North Grid Proself Improper Restriction of XML External Entity (XEE) Reference… https://t.co/
@TMJIntel
3 Dec 2024
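[Link roundup: security-related news/articles for Nov 29 to Dec 2] <Vulnerabilities> ・MediaTek patches high-severity vulnerabilities in smartphone chipsets (CVE-2024-20125) https://t.co/tr8hfGyxtF ・Critical vulnerability in ProjectSend exploited by threat actors: CVE-2024-11680 https://t.co/wRvXHBgq1Z… https://t.co/PdSy2a1iPm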
@MachinaRecord
2 Dec 2024
ProjectSend open-source file-sharing web application has a high-risk authentication bypass vulnerability (CVE-2024-11680) with a CVSS 3.1 score as high as 9.8. https://t.co/61tKMqFJAN
@darkwebinsight
1 Dec 2024
ProjectSend Exploited by Threat actors using CVE-2024-11680 #ProjectSend #CVE-2024-11680 https://t.co/R0EJXACiMH
@pravin_karthik
29 Nov 2024
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers: https://t.co/XBd5GIhVpd A critical vulnerability (CVE-2024-11680, CVSS 9.8) in ProjectSend, an open-source file-sharing application, is actively exploited, allowing attackers to execute… https:
@securityRSS
28 Nov 2024
CVE-2024-11680, a critical flaw in the ProjectSend file-sharing application, is being actively exploited by threat actors. Users are urged to update to version r1750 to protect against arbitrary code execution and other attacks. https://t.co/leBzSc6qac #ProjectSend #PatchNow ht
@redsecuretech
28 Nov 2024
⚠️⚠️ CVE-2024-11680 (CVSS score: 9.8) Projectsend Critical Flaw actively exploited in the wild 🎯4.7k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/TFFau74KVe FOFA Query:(title="Log In » " && header="Set-Cookie: PHPSE
@fofabot
28 Nov 2024
A vulnerability in the ProjectSend file-sharing app (CVE-2024-11680, CVSS 9.8) is being exploited in the wild, per @VulnCheck. in version r1605 allows attackers to execute PHP code 🚨 Update to the latest version ASAP to mitigate risks! #CyberSecurity #Vulnerability #ProjectSend
@iJagSingh
28 Nov 2024
🚨 CVE Alert: ProjectSend Improper Authentication Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-11680 (CVSS 9.8/10) ProjectSend Improper Authentication Vulnerability Impact A successful exploit may allow an attacker to perform sensitive actions such as…
@CyberxtronTech
28 Nov 2024
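A critical vulnerability in the OSS file-sharing app ProjectSend is being exploited, VulnCheck reports. CVE-2024-11680 has a CVSS score of 9.8 and is an improper authorization check. It was reported in January 2023 and a patch existed in May 2023, but it was not incorporated into an official release until August 2024. Only 1% of servers are patched. https://t.co/GMaX6JaiWo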
@__kokumoto
27 Nov 2024
A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited. It allows attackers to execute malicious code on vulnerable servers. Don’t wait for an attack—patch now: https://t.co/LA4neyhoEG
@ExposinKingfish
27 Nov 2024
A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited. It allows attackers to execute malicious code on vulnerable servers. Don’t wait for an attack—patch now: https://t.co/sAmpHmyjdZ... https://t.co/G1OFOgiWGp
@IT_news_for_all
27 Nov 2024
A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited. It allows attackers to execute malicious code on vulnerable servers. Don’t wait for an attack—patch now: https://t.co/xwVcQRSRCw #infosec #cybersecurity
@TheHackersNews
27 Nov 2024
CVE-2024-11680 (CVSS 9.8): Critical ProjectSend Vulnerability Actively Exploited, PoC Published https://t.co/10pWgjSGi1
@testalways
27 Nov 2024
CVE-2024-11680 (CVSS 9.8): Critical ProjectSend Vulnerability Actively Exploited app:"ProjectSend" https://t.co/XvcZXWSmdR #PoC https://t.co/XYcc0JT95o
@Aarn63373424
27 Nov 2024
CVE-2024-11680 (CVSS 9.8): Critical ProjectSend Vulnerability Actively Exploited, #PoC Published Critical vulnerability in #ProjectSend actively exploited. Learn how to protect your instance from unauthorized access and potential abuse https://t.co/S1dbtUuREo
@the_yellow_fall
27 Nov 2024
CVE-2024-11680 ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending craft… https://t.co/DtMVF1hTr1
@CVEnew
26 Nov 2024
[CVE-2024-11680: CRITICAL] ⚠️ ProjectSend versions before r1720 have a serious authentication vulnerability. Attackers can create accounts and upload malicious content remotely. Update now! 🔒🛡️ #cybersecurity#cybersecurity,#vulnerability https://t.co/uSRd8G1OWl https://t.co/Z6I
@CveFindCom
26 Nov 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7595D81C-8332-4FF5-A6B6-DF6203DEF6A5",
            "versionEndExcluding": "r1720"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]