CNNVD-202511-1837 Information

Nov 16, 2025 cve

CNNVD ID

CNNVD-202511-1837

CVE-2025-13232

  • CNNVD Published: 2025-11-16

Description (Chinese)

ProjectSend(cFTP)是ProjectSend开源的一套基于PHP和MySQL的自托管应用程序。 ProjectSend r1720及之前版本存在代码注入漏洞,该漏洞源于组件File Editor/Custom Download Aliases的错误操作,可能导致跨站脚本。

Description (English)

ProjectSend(cFTP) is a set of PHP and MySQL-based self-administered applications from the open-source ProjectSend. Project End r1720 and previous versions have code-injecting holes, which stem from the error of the File Editor/Custom Download Aliases component, which may result in a cross-site script.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

ProjectSend

Published

2025-11-16

Last Modified

2026-02-24

References

https://github.com/projectsend/projectsend/pull/1450 https://vuldb.com/?id.332558 https://github.com/projectsend/projectsend/releases/tag/r1945 https://vuldb.com/?submit.686533 https://github.com/projectsend/projectsend/commit/334da1ea39cb12f6b6e98dd2f80bb033e0c7b845 https://vuldb.com/?ctiid.332558 https://access.redhat.com/security/cve/cve-2025-13232

Patch

https://github.com/projectsend/projectsend/releases

Share on: