Critical ProjectSend Vulnerability Leaves 99% of Servers at Risk of Backdoor Attacks

Critical Security Alert: ProjectSend File-Sharing Application Under Active Attack

A critical authentication bypass vulnerability (CVE-2024-11680) has been discovered in ProjectSend, affecting all versions before r1720. This open-source file-sharing platform is currently facing active exploitation attempts, putting thousands of organizations at risk.

Vulnerability Impact
The security flaw allows attackers to:
• Bypass authentication controls
• Create unauthorized user accounts
• Deploy malicious webshells
• Manipulate system settings
• Inject harmful JavaScript

Current Exposure Statistics
Of approximately 4,000 public-facing ProjectSend installations:
• 99% remain vulnerable
• 55% run version r1605 (October 2022)
• 44% run the April 2023 release
• Only 1% have updated to the secure version r1750

Active Exploitation
Security researchers have documented:
• Attacks ongoing since September 2024
• 121 unique attacking IP addresses
• Exploitation through Metasploit and Nuclei
• Webshell deployment in ‘upload/files’ directory
• Unauthorized system configuration changes
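
As an added defensive check (not code from the article or from the ProjectSend project), the script below walks an upload tree such as ProjectSend's upload/files and flags files that look like server-side code rather than user documents; the extension list, the PHP markers and the sample directory are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Extensions a PHP-capable web server may execute if they land under an upload path
# (assumed list for this demo, not taken from the advisory).
EXECUTABLE_EXTS = {".php", ".php3", ".php5", ".php7", ".phtml", ".phar", ".phps"}
# Byte patterns typical of PHP source; catches files renamed to hide their extension.
PHP_MARKERS = (b"<?php", b"<?=", b'<script language="php"')


def scan_upload_dir(root):
    """Return sorted paths (relative to root) that look like server-side code.

    A file is flagged if any dotted segment of its name is an executable extension
    (so shell.php.jpg is caught) or if its first 4 KiB contains a PHP marker.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            if exts & EXECUTABLE_EXTS:
                findings.append(rel)
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if any(marker in head for marker in PHP_MARKERS):
                findings.append(rel)
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: a fake upload/files tree with benign files and two planted suspects."""
    root = tempfile.mkdtemp(prefix="projectsend_demo_")
    files = os.path.join(root, "upload", "files")
    os.makedirs(files)
    samples = {
        "report.pdf": b"%PDF-1.4 benign document",
        "photo.jpg": b"\xff\xd8\xff\xe0 JFIF",
        "notes.txt": b"plain text, nothing to see",
        "cache.php": b"<?php /* constructed stand-in for an unexpected script */ ?>",
        "image.php.jpg": b"\xff\xd8 image bytes, flagged by the double extension",
    }
    for name, body in samples.items():
        with open(os.path.join(files, name), "wb") as fh:
            fh.write(body)
    return files


if __name__ == "__main__":
    for hit in scan_upload_dir(build_sample_tree()):
        print("suspicious:", hit)
```

Point the function at the real upload directory and compare hits against the files your users actually uploaded; anything executable there that nobody recognises deserves incident handling, not just deletion.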

Immediate Action Required
All organizations using ProjectSend must upgrade to version r1750 immediately to protect against this actively exploited vulnerability. This issue particularly impacts organizations that rely on self-hosted solutions instead of cloud-based alternatives.
