ProjectSend Insecure Direct Object Reference Vulnerability Allowing Unauthorized File Downloads

Vulnerability

An insecure direct object reference vulnerability has been identified in ProjectSend version r1605. This vulnerability allows unauthenticated attackers to download private files by manipulating the download ID parameter in the request to process.php. By changing the 'id' parameter to target specific files, attackers can access any user's private files, including those of the admin.

Impact

Exploitation of this vulnerability allows for unauthorized access to private files of any user, including administrative files.

Reproduction

To reproduce this vulnerability, send a GET request to process.php with the 'do' parameter set to 'download' and the 'id' parameter set to the ID of a private file belonging to any user. This can be done using a web browser or a tool like cURL or Postman. The request must include a valid PHP session cookie.
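For defenders, the request pattern described above is easy to spot in web server access logs: one client pulling many distinct 'id' values through process.php?do=download in a short span is the enumeration signature of this bug. The following detector is an added example, not code from ProjectSend or from the advisory; the log lines, IP addresses and file ids are constructed for illustration, and the threshold is an assumed tuning value.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed Apache combined-format access log. Addresses, ids and sizes are made up
# for this example and are not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Dec/2025:23:10:01 +0000] "GET /process.php?do=download&id=41 HTTP/1.1" 200 5120
203.0.113.5 - - [17/Dec/2025:23:10:02 +0000] "GET /process.php?do=download&id=42 HTTP/1.1" 200 7788
203.0.113.5 - - [17/Dec/2025:23:10:03 +0000] "GET /process.php?do=download&id=43 HTTP/1.1" 200 1024
203.0.113.5 - - [17/Dec/2025:23:10:04 +0000] "GET /process.php?do=download&id=44 HTTP/1.1" 200 2048
198.51.100.9 - - [17/Dec/2025:23:11:00 +0000] "GET /process.php?do=download&id=7 HTTP/1.1" 200 9000
198.51.100.9 - - [17/Dec/2025:23:12:00 +0000] "GET /index.php HTTP/1.1" 200 300
"""

# Fields we need: client IP, request target and response status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)


def download_ids_per_client(log_text):
    """Map each client IP to the distinct 'id' values it fetched via process.php?do=download."""
    ids = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if url.path != "/process.php":
            continue
        qs = parse_qs(url.query)
        if qs.get("do") != ["download"] or "id" not in qs:
            continue
        # Only a 200 means a file body was actually served to the client.
        if m.group("status") == "200":
            ids[m.group("ip")].add(qs["id"][0])
    return ids


def flag_enumeration(log_text, threshold=3):
    """Return {ip: sorted ids} for clients that pulled at least `threshold` distinct file ids.
    `threshold` is an assumed tuning value; a near-consecutive run of ids is the IDOR-probing pattern."""
    flagged = {}
    for ip, id_set in download_ids_per_client(log_text).items():
        if len(id_set) >= threshold:
            flagged[ip] = sorted(id_set, key=int)
    return flagged


if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct file ids downloaded: {ids}")
```

In production, key the grouping on the session cookie as well as the IP and bound it by a time window, since a legitimate user with many assigned files will also accumulate distinct ids over a day.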

Added: Dec 17, 2025, 11:29 PM
Updated: Dec 17, 2025, 11:29 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.