Hackers Exploit Critical ProjectSend Vulnerability: Secure Your Servers Now!


Hackers have exploited a critical flaw in ProjectSend, a popular open-source file-sharing application, to gain unauthorized access to servers. The vulnerability, identified as CVE-2024-11680, allows attackers to bypass authentication and upload malicious files. Despite a patch being released in May 2023, many users remain vulnerable.


Understanding the Flaw

The flaw, tracked as CVE-2024-11680, is a critical authentication bug impacting ProjectSend versions before r1720. Attackers can send specially crafted HTTP requests to ‘options.php’ to change the application’s configuration. Successful exploitation allows the creation of rogue accounts, planting webshells, and embedding malicious JavaScript code.

Widespread Impact

ProjectSend is widely used by organizations that prefer self-hosted solutions over third-party services like Google Drive and Dropbox. According to Censys, there are roughly 4,000 public-facing ProjectSend instances online, most of which are vulnerable. VulnCheck reports that 99% of ProjectSend instances are still running a vulnerable version.

Surge in Exploitation

Since September 2024, when Metasploit and Nuclei released public exploits for CVE-2024-11680, active exploitation has increased. Researchers have observed attackers altering system settings to enable user registration, gaining unauthorized access, and deploying webshells to maintain control over compromised servers.

Mitigation Steps

VulnCheck warns that upgrading to ProjectSend version r1750 as soon as possible is critical as attacks are likely already widespread. The webshells are stored in the ‘upload/files’ directory, with names generated from a POSIX timestamp, the username’s SHA1 hash, and the original file name/extension. Direct access to these files through the web server indicates active exploitation.
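A defender-side check for the indicator described above, added here as an example and not part of the original article or of ProjectSend itself: it scans web-server access-log lines for direct requests to script files under upload/files whose names follow the timestamp, SHA1-of-username, original-name layout. The hyphen separator between the three parts, the combined log format and the sample log lines are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Assumed layout of ProjectSend upload names (the article names the three parts;
# the "-" separator is an assumption of this example):
# "<posix-timestamp>-<sha1(username)>-<original-name>.<ext>"
UPLOAD_RE = re.compile(
    r"/upload/files/(?P<ts>\d{9,10})-(?P<user_sha1>[0-9a-f]{40})-(?P<name>[^\s?\"]+)",
    re.IGNORECASE,
)
# Server-side script extensions that should never be requested from upload/files.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(?:\.|$)", re.IGNORECASE)

# Combined log format (assumed): client - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def scan_access_log(lines):
    """Return one finding per request that fetched a script-like file from upload/files."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable access-log line
        up = UPLOAD_RE.search(m["path"])
        if not up or not SCRIPT_EXT.search(up["name"]):
            continue  # ordinary traffic or a legitimate document download
        # The leading timestamp tells us when the file was planted, which helps scope triage.
        uploaded_at = datetime.fromtimestamp(int(up["ts"]), tz=timezone.utc)
        findings.append({
            "client": m["ip"],
            "status": int(m["status"]),
            "file": up["name"],
            "user_sha1": up["user_sha1"],
            "uploaded_at": uploaded_at.isoformat(),
        })
    return findings


# Constructed sample log lines (not real traffic); the second line mimics a webshell hit.
FAKE_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"  # placeholder hash, not a real IoC
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Nov/2024:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120',
    f'203.0.113.5 - - [27/Nov/2024:10:02:40 +0000] "GET /upload/files/1732701760-{FAKE_SHA1}-shell.php?cmd=id HTTP/1.1" 200 88',
    f'198.51.100.7 - - [27/Nov/2024:10:03:02 +0000] "GET /upload/files/1732701765-{FAKE_SHA1}-report.pdf HTTP/1.1" 200 91234',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```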

Conclusion

The exploitation of CVE-2024-11680 highlights the importance of timely patching and updating software. Organizations using ProjectSend should immediately upgrade to the latest version and implement strong access controls to mitigate the risk of unauthorized access.
