ProjectSend r561 – SQL injection vulnerability

Posted by ITAS Team on Mar 05

#Vulnerability title: ProjectSend r561 – SQL injection vulnerability
#Product: ProjectSend r561
#Vendor: http://www.projectsend.org/
#Affected version: ProjectSend r561
#Download link: http://www.projectsend.org/download/67/
#Fixed version: N/A
#Author: Le Ngoc Phi (phi.n.le () itas vn) & ITAS Team (www.itas.vn)

::PROOF OF CONCEPT::

+ REQUEST:
GET /projectsend/users-edit.php?id=<SQL INJECTION HERE> HTTP/1.1
Host: target.org…