Full title: ProjectSend R1605 Unauthenticated Remote Code Execution Exploit Category: remote exploits Platform: php This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server. # 0day.today @ http://0day.today/