CNNVD-202512-3224 Information

CNNVD ID

CNNVD-202512-3224

CVE-2023-53930

  • CNNVD Published: 2025-12-17

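Description (translated from Chinese)

ProjectSend (cFTP) is an open-source, self-hosted application from ProjectSend, based on PHP and MySQL. ProjectSend r1605 contains a security vulnerability: an unauthenticated attacker can download private files by manipulating the download ID parameter, which may lead to an insecure direct object reference attack.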

Description (English)

ProjectSend (cFTP) is an open-source, self-hosted application from ProjectSend, built on PHP and MySQL. ProjectSend r1605 has a security vulnerability: unauthenticated attackers can download private files by manipulating the download ID parameter, which may lead to insecure direct object reference (IDOR) attacks.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

ProjectSend

Published

2025-12-17

Last Modified

2026-02-24

References

  • https://www.exploit-db.com/exploits/51400
  • https://www.vulncheck.com/advisories/projectsend-insecure-direct-object-reference-file-download-vulnerability
  • https://www.projectsend.org/
  • https://access.redhat.com/security/cve/cve-2023-53930
