HTTP: ProjectSend options.php enable insecure options attempt
This signature detects attempts to exploit a known vulnerability against ProjectSend. A successful attack can lead to security bypass.
Extended Description
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.
Affected Products
Projectsend projectsend
References
CVE: CVE-2024-11680
Short Name
HTTP:CTS:PRJTSND-OPTN-AUTH-BYPS
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2024-11680 ProjectSend attempt enable insecure options options.php
Release Date
05/14/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3808
False Positive
Rarely
Vendors
Projectsend