ProjectSend Panic: 99% Vulnerable to Critical Exploit – Patch Now!
VulnCheck sounds the alarm as ProjectSend users face a critical authentication bypass flaw, CVE-2024-11680. With 99% of instances still vulnerable, attackers are using public exploits to upload webshells. If your landing page title looks like a cat walked across the keyboard, it’s time to update before your server becomes a hacker’s playground.

Hot Take:
Looks like ProjectSend users are in for a wild ride as their supposedly secure file-sharing app is now serving up webshells faster than a drive-thru at lunchtime. It’s a classic tale of “if it’s broke, don’t fix it”—or in this case, “ignore the patch and hope for the best.” Only 1% of users have patched this critical flaw, leaving the rest to fend off cyber baddies with nothing but a hope and a prayer. Who knew file sharing could be so exhilarating?

Key Points:
- CVE-2024-11680: A critical authentication bypass flaw in ProjectSend versions before r1720.
- Exploitation allows rogue account creation, webshell planting, and JavaScript injection.
- Despite a fix in May 2023, 99% of ProjectSend instances remain unpatched.
- Public exploits from Metasploit and Nuclei have increased attack activity.
- Urgent need to update to ProjectSend version r1750 to mitigate exploitation.