SecBoard
Back to CVE overview

CVE-2024-11680

CRITICAL(9.8)KEV — Actively Exploited

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Risk Signal Score82/100 — KRITISCH
  • CVSS 9.8 — Kritisch
  • EPSS 92% — sehr wahrscheinlich ausgenutzt
  • Im CISA KEV-Katalog (aktiv ausgenutzt)

CISA KEV

Confirmed exploited

EPSS-Score

92%

Exploit Probability (30 days)

CVSS Score

9.8

Technical Severity

Description

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

References