CVE-2023-53980

Source
https://cve.org/CVERecord?id=CVE-2023-53980
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53980.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53980
Published
2025-12-22T22:16:03.710Z
Modified
2026-03-14T12:16:58.867752Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.

References

Affected packages

Git / github.com/projectsend/projectsend

Affected ranges

Type
GIT
Repo
https://github.com/projectsend/projectsend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "r1605"
        }
    ]
}

Affected versions

Other
Stable
r1053
r1070
r1270
r1295
r1335
r1415
r1420
r1584
r1605
r559
r753
r754
r756

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53980.json"