CNNVD-202512-3917 Information
Dec 22, 2025
cve
CNNVD ID
CNNVD-202512-3917
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
ProjectSend(cFTP)是ProjectSend开源的一套基于PHP和MySQL的自托管应用程序。 ProjectSend r1605版本存在代码问题漏洞,该漏洞源于允许攻击者通过操纵文件扩展名上传恶意文件。
Description (English)
ProjectSend(cFTP) is a set of PHP and MySQL-based self-administered applications from the open-source ProjectSend. The 1605 version of ProjectSend r1605 has a code gap, which stems from allowing the attackers to expand the uploading of malicious documents by manipulating documents.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
ProjectSend
Published
2025-12-22
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/51238 https://www.projectsend.org/ https://www.vulncheck.com/advisories/projectsend-remote-code-execution-via-file-extension-manipulation
Patch
https://www.projectsend.org/landing/
Share on: