CNNVD-202512-3164 Information

CNNVD ID

CNNVD-202512-3164

Related CVE

CVE-2023-53905

• CNNVD Published: 2025-12-17

Description (Chinese)

ProjectSend（cFTP）是ProjectSend开源的一套基于PHP和MySQL的自托管应用程序。 ProjectSend（cFTP） r1605版本存在安全漏洞，该漏洞源于用户配置文件名称字段清理不当，可能导致CSV注入攻击。

Description (English)

ProjectSend(cFTP) is a set of PHP and MySQL-based self-administered applications from the open-source ProjectSend. ProjectSend(cFTP)r1605 has a security loophole, which arises from the inappropriate clean-up of the user profile name field, which could lead to an CSV injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ProjectSend

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/projectsend-csv-injection-via-user-account-export-functionality https://www.exploit-db.com/exploits/51517 https://www.projectsend.org/ https://access.redhat.com/security/cve/cve-2023-53905