Home > Vulnerability Database > CVE-2024-7658

Mend.io Vulnerability Database

CVE-2024-7658

Good to know:

Date: August 10, 2024

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component.

Language: PHP

Severity Score

5.3

Related Resources (7)

Url: https://vuldb.com/?submit.385000

Url: https://github.com/projectsend/projectsend/releases/tag/r1720

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-7658

Url: https://vuldb.com/?ctiid.274115

Url: https://github.com/projectsend/projectsend/commit/eb5a04774927e5855b9d0e5870a2aae5a3dc5a08

Url: https://vuldb.com/?id.274115

Url: https://www.mend.io/vulnerability-database/CVE-2024-7658

Severity Score

5.3

Weakness Type (CWE)

Improper Control of Resource Identifiers ('Resource Injection')

CWE-99

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version r1720

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-7658

Good to know:

Date: August 10, 2024

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?