Decrypt LOL


Critical Vulnerability in ProjectSend Under Exploitation


A critical flaw in ProjectSend is under active exploitation. The severe security vulnerability in the ProjectSend open-source file-sharing application, identified as CVE-2024-11680 with a CVSS score of 9.8, is reportedly being exploited in the wild. The flaw was initially patched in May 2023, but the fix was not officially released until August 2024. Because of an improper authorization check, attackers can perform sensitive actions such as user registration and file upload manipulation and execute arbitrary PHP code on affected servers. VulnCheck has noted that exploitation attempts began in September 2024 and that only 1% of approximately 4,000 exposed servers are running the latest patched version. Users are urged to update to the latest version immediately to protect against these active threats.