#CVE202411680

Hackers exploit ProjectSend flaw to backdoor exposed servers

by

November 27, 2024 at 04:04PM A critical authentication bypass flaw (CVE-2024-11680) in ProjectSend allows attackers to exploit vulnerable versions to upload webshells and gain remote access. Despite a fix released on May 16, 2023, 99% of users remain vulnerable. Active exploitation has surged since September 2024, necessitating urgent updates to version r1750. ### Meeting Takeaways … Read more