CVE-2016-10731
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
29/10/2018
Last modified:
18/12/2018
Description
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:projectsend:projectsend:582:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page