mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-28 18:30:55 +01:00
793 B
793 B
CVE-2015-2564
Description
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
POC
Reference
- http://packetstormsecurity.com/files/130691/ProjectSend-r561-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Mar/30
- http://www.exploit-db.com/exploits/36303
Github
No PoCs found on GitHub currently.