ProjectSend Panic: 99% Vulnerable to Critical Exploit – Patch Now!

VulnCheck sounds the alarm as ProjectSend users face a critical authentication bypass flaw, CVE-2024-11680. With 99% of instances still vulnerable, attackers are using public exploits to upload webshells. If your landing page title looks like a cat walked across the keyboard, it’s time to update before your server becomes a hacker’s playground.

Hot Take:

Looks like ProjectSend users are in for a wild ride as their supposedly secure file-sharing app is now serving up webshells faster than a drive-thru at lunchtime. It’s a classic tale of “if it’s broke, don’t fix it”—or in this case, “ignore the patch and hope for the best.” Only 1% of users have patched this critical flaw, leaving the rest to fend off cyber baddies with nothing but a hope and a prayer. Who knew file sharing could be so exhilarating?

Key Points:

  • CVE-2024-11680: A critical authentication bypass flaw in ProjectSend versions before r1720.
  • Exploitation allows rogue account creation, webshell planting, and JavaScript injection.
  • Despite a fix in May 2023, 99% of ProjectSend instances remain unpatched.
  • Public exploits from Metasploit and Nuclei have increased attack activity.
  • Urgent need to update to ProjectSend version r1750 to mitigate exploitation.

The Nimble Nerd