CVE-2024-11680
ProjectSend Improper Authentication Vulnerability
⚠ KEV | EPSS 93.5%
Description
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to modify the application's configuration without authorization via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
How to fix CVE-2024-11680
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2024-11680 being exploited?
Yes — CVE-2024-11680 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.