{"id":14184,"date":"2024-12-05T08:51:13","date_gmt":"2024-12-05T08:51:13","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=14184"},"modified":"2024-12-05T08:51:13","modified_gmt":"2024-12-05T08:51:13","slug":"projectsend-improper-authentication-vulnerability-cve-2024-11680","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/","title":{"rendered":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)"},"content":{"rendered":"<p>What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application&#8217;s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source software that lets you share files with your clients with privacy. CVE-2024-11680 has been added to CISA Known Exploited Catalog (KEV) on December 4, 2024.What is the recommended Mitigation?ProjectSend has released a patch for CVE-2024-11680. Organizations that have not implemented the latest patch are advised to do so immediately.According to VulnCheck, it found that only 1% of users were using the patched version of ProjectSend (r1750).Public exploits for CVE-2024-11680 are available, and since the exploitation is confirmed, companies must assess exposure, implement fixes and take appropriate action.What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.FortiGuard IPS protection is being reviewed to block any attack attempts related to CVE-2024-11680.<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5598\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application&#8217;s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14184","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application&#039;s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application&#039;s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2024-12-05T08:51:13+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-12-05T08:51:13+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application&#039;s configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#blogposting\",\"name\":\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \\u203a Sekuritas IT\",\"headline\":\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2024-12-05T08:51:13+00:00\",\"dateModified\":\"2024-12-05T08:51:13+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#listItem\",\"name\":\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#listItem\",\"position\":3,\"name\":\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/\",\"name\":\"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \\u203a Sekuritas IT\",\"description\":\"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/12\\\/05\\\/projectsend-improper-authentication-vulnerability-cve-2024-11680\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2024-12-05T08:51:13+00:00\",\"dateModified\":\"2024-12-05T08:51:13+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT","description":"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#blogposting","name":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT","headline":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2024-12-05T08:51:13+00:00","dateModified":"2024-12-05T08:51:13+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#listItem","name":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#listItem","position":3,"name":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/","name":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT","description":"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2024-12-05T08:51:13+00:00","dateModified":"2024-12-05T08:51:13+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT","og:description":"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source","og:url":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/","article:published_time":"2024-12-05T08:51:13+00:00","article:modified_time":"2024-12-05T08:51:13+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680) \u203a Sekuritas IT","twitter:description":"What is the attack?ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source"},"aioseo_meta_data":{"post_id":"14184","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-12-05 09:01:54","updated":"2025-10-15 12:59:00","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tProjectSend Improper Authentication Vulnerability (CVE-2024-11680)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)","link":"https:\/\/sekuritasit.com\/index.php\/2024\/12\/05\/projectsend-improper-authentication-vulnerability-cve-2024-11680\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/14184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=14184"}],"version-history":[{"count":1,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/14184\/revisions"}],"predecessor-version":[{"id":14191,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/14184\/revisions\/14191"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=14184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=14184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=14184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}