CVE-2023-53980
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-22

Last updated on: 2025-12-26

Assigner: VulnCheck

Description
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-26
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53980
EUVD
EUVD-2023-60242
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
projectsend projectsend r1605
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53980 is a remote code execution vulnerability in ProjectSend version r1605. It allows attackers to upload malicious shell script files by manipulating file extensions during the upload process via the upload.process.php endpoint. Attackers bypass file extension restrictions by appending a semicolon and a permitted extension (e.g., .jpg) to the malicious file name, enabling the server to accept and store the file. Then, by renaming the file to remove the benign extension, the attacker can execute arbitrary commands on the server, gaining remote code execution capabilities. [1, 2]

Impact Analysis

This vulnerability can have severe impacts, including allowing attackers to execute arbitrary commands on the server hosting ProjectSend. This can lead to full remote control over the server, data theft, data manipulation, service disruption, or further attacks within the network. Since the exploit requires low privileges and no user interaction, it poses a high risk to affected systems. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious file uploads to the /includes/upload.process.php endpoint, especially files with manipulated extensions such as filenames containing shell script extensions followed by a semicolon and another extension (e.g., openme.sh;jpg). You can check your web server logs for POST requests to /includes/upload.process.php with such filenames. Additionally, look for HTTP POST requests to /files-edit.php?ids= that rename files to executable extensions. Commands to detect suspicious files on the server might include: 1) Searching for files with suspicious extensions or semicolons in filenames: `find /path/to/upload/directory -name '*;*'` 2) Checking web server access logs for suspicious POST requests: `grep 'upload.process.php' /var/log/apache2/access.log | grep -E '\.sh;|\.php;'` 3) Monitoring network connections for unexpected reverse shell activity, e.g., using `netstat -anp | grep 4444` or similar to detect connections to attacker IPs and ports. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Restrict or disable file uploads to the /includes/upload.process.php endpoint until a patch is applied. 2) Implement strict validation and sanitization of uploaded file names and extensions to prevent manipulation such as semicolons or multiple extensions. 3) Apply access controls to prevent execution of uploaded files, for example, by configuring the web server to disallow execution in upload directories. 4) Monitor and remove any suspicious files already uploaded with manipulated extensions. 5) Update ProjectSend to a version where this vulnerability is fixed once available. 6) Consider network-level protections such as firewall rules to block outgoing connections to suspicious IPs and ports used by reverse shells. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart