CVE-2024-11680CISA KEVEPSS p99.8%

CVE-2024-11680ProjectSend Improper Authentication Vulnerability

ProjectSend / ProjectSend

Description

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

Scoring

EPSS91.56% probability of exploitation · percentile 99.8% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2024-12-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryProjectSend Improper Authentication Vulnerabilitykev-cve-2024-116800%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-11074
CVE
PlaySMS Server-Side Template Injection Vulnerability
CVE
October CMS Improper Authentication
CVE
CVE-2025-52159
CVE
CVE-2025-8946
CVE
CVE-2025-12283
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.