This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Arbitrary File Upload in ProjectSend. **Consequences**: Attackers upload PHP files to execute **arbitrary code** on the server. **Impact**: Full server compromise via code execution.
Q2: Root Cause? (CWE/Flaw)
**Root Cause**: Flawed file validation in `process-upload.php`. **Flaw**: Allows files with `.php` extensions to bypass security checks. **CWE**: Implicitly related to **Arbitrary File Upload** (CWE-434).
**Privileges**: Remote Code Execution (RCE). **Data**: Access to server files, databases, and user data. **Action**: Hackers run **any PHP code** directly on the host.
Q5: Is exploitation threshold high? (Auth/Config)
**Threshold**: **Low**. **Auth**: Likely requires at least a basic account to upload files (typical for ProjectSend). **Config**: Direct request to upload endpoint. No complex setup needed.
Q6: Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. **Sources**: Exploit-DB (IDs: 35424, 35660). **Availability**: PoCs and exploits are publicly available on PacketStorm and Exploit-DB.
Q7: How to self-check? (Features/Scanning)
**Self-Check**: Scan for ProjectSend versions **r100-r561**. **Features**: Test file upload functionality for `.php` extension bypass. **Tools**: Use a WAF or vulnerability scanners targeting file upload flaws.
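An added example for the self-check above (not part of the original analysis and not ProjectSend code): it tests a revision string against the r100-r561 range and lists files with PHP-handled extensions under an upload directory. The upload directory location and the extension list are assumptions to adjust for the installation being audited.

```python
import os
import re
import tempfile

# Affected revisions as stated in the analysis above: r100 through r561.
AFFECTED_MIN, AFFECTED_MAX = 100, 561

# Extensions often mapped to the PHP handler (assumption: adjust to the server's config).
PHP_EXTS = {"php", "phtml", "php3", "php4", "php5", "php7", "phar", "pht"}


def is_affected(version):
    """True if a revision string such as 'r405' falls inside r100-r561."""
    m = re.fullmatch(r"\s*r?(\d+)\s*", version, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised revision string: {version!r}")
    return AFFECTED_MIN <= int(m.group(1)) <= AFFECTED_MAX


def looks_like_php(filename):
    """Flag any PHP extension segment, so 'x.PHP', 'x.php.jpg' and 'x.php.' all match."""
    segments = filename.lower().split(".")[1:]
    return any(seg.strip() in PHP_EXTS for seg in segments)


def find_php_uploads(upload_dir):
    """Return sorted relative paths of PHP-like files under upload_dir."""
    hits = []
    for root, _dirs, files in os.walk(upload_dir):
        for name in files:
            if looks_like_php(name):
                hits.append(os.path.relpath(os.path.join(root, name), upload_dir))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample tree standing in for a real upload directory.
    with tempfile.TemporaryDirectory() as demo:
        for name in ("report.pdf", "invoice.PHP", "photo.php.jpg"):
            open(os.path.join(demo, name), "w").close()
        print("r561 affected:", is_affected("r561"))
        print("suspicious uploads:", find_php_uploads(demo))
```

Any hit in a directory that should hold only user documents warrants review of the file's contents and of the web server logs around its creation time.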
**Urgency**: **HIGH**. **Priority**: Critical due to **RCE** capability and **public exploits**. **Action**: Patch immediately or isolate the service.