Authentication Bypass Vulnerability in ProjectSend (formerly cFTP) r582

Authentication Bypass Vulnerability in ProjectSend (formerly cFTP) r582

CVE-2016-10732 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.

Learn more about our User Device Pen Test.