CVE-2021-40884

Posted on by admin

CVE-2021-40884

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application.

Source: CVE-2021-40884

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다