CVE-2024-7658

Name: CVE-2024-7658
Creator: NVD / NIST
Published: 2024-08-12T13:38:49.63+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.9/10EPSS 0.79%

Last modified Jun 17, 2026

CVE-2024-7658 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. EPSS estimates a 0.79% chance of exploitation in the next 30 days.

Description

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 4.0

6.9/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.79%

51.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Projectsend	Projectsend	< r1720

References

https://github.com/projectsend/projectsend/commit/eb5a04774927e5855b9d0e5870a2aae5a3dc5a08Patch
https://github.com/projectsend/projectsend/releases/tag/r1720Release Notes
https://vuldb.com/?ctiid.274115Permissions Required, VDB Entry
https://vuldb.com/?id.274115Third Party Advisory, VDB Entry
https://vuldb.com/?submit.385000Third Party Advisory, VDB Entry
https://www.kiyell.com/private-files-from-projectsend-idor/

Timeline

Published: Aug 12, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-7658?

How severe is CVE-2024-7658?

CVE-2024-7658 has a CVSS score of 6.9/10 (MEDIUM severity). The EPSS model estimates a 0.79% probability of exploitation in the next 30 days.

How do I fix CVE-2024-7658?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-7658?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST