#VU40965 Code Injection in ProjectSend - CVE-2014-9567


Updated: 2020-08-09

Vulnerability identifier: #VU40965

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2014-9567

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
ProjectSend
Web applications / Other software

Vendor: ProjectSend

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.

Mitigation
Install the update from the vendor's website.
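
To check whether an installation was targeted before it was updated, the direct requests described above can be looked for in the web server's access log. The following is an added example, not code from ProjectSend or from this advisory; it assumes Common/Combined Log Format, and the extension list and all sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Extensions often mapped to the PHP handler. Which ones really execute depends
# on the web server configuration (assumption; adjust to your deployment).
PHP_EXT = ("php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht")

# Common/Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# A PHP-executable file name inside the two directories named in the advisory.
# "(?:/|$)" also catches PATH_INFO-style requests such as /x.php/extra.
UPLOAD_RE = re.compile(
    r"/upload/(?:files|temp)/.*\.(?:%s)(?:/|$)" % "|".join(PHP_EXT), re.IGNORECASE)

def find_direct_php_requests(lines):
    """Return one dict per request that targets a PHP file in the upload dirs."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        # Drop the query string, then decode %xx so encoded extensions still match.
        path = unquote(m["target"].split("?", 1)[0])
        if UPLOAD_RE.search(path):
            status = int(m["status"])
            hits.append({"ip": m["ip"], "time": m["ts"], "path": path,
                         "status": status, "served": 200 <= status < 300})
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2015:10:01:02 +0000] "POST /process-upload.php HTTP/1.1" 200 51 "-" "-"',
    '192.0.2.10 - - [10/Jan/2015:10:01:05 +0000] "GET /upload/files/report.pdf HTTP/1.1" 200 8841 "-" "-"',
    '198.51.100.7 - - [10/Jan/2015:10:01:09 +0000] "GET /upload/files/constructed-name.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.4 - - [10/Jan/2015:10:02:00 +0000] "GET /upload/temp/constructed%2EpHp5?x=1 HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.10 - - [10/Jan/2015:10:03:00 +0000] "GET /upload/files/photo.php.jpg HTTP/1.1" 200 3310 "-" "-"',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for hit in find_direct_php_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true means the server answered the request successfully, so the file existed at that time and should be examined; a 404 hit indicates probing only.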

Vulnerable software versions

ProjectSend: 100 - 561


External links
https://osvdb.org/show/osvdb/116469
https://packetstormsecurity.com/files/129759/ProjectSend-Arbitrary-File-Upload.html
https://www.exploit-db.com/exploits/35424
https://www.exploit-db.com/exploits/35660
https://exchange.xforce.ibmcloud.com/vulnerabilities/99548


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

