CVE-2026-4045
LDAP Injection in ProjectSend Auth.php Allows Remote Attack
Publication date: 2026-03-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectsend | projectsend | up to and including r1945 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-204 | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4045 is a vulnerability in the ProjectSend application up to revision r1945, specifically in the handling of the ldap_email parameter within the Auth.php file.
The vulnerability occurs because the ldap_email parameter is not properly sanitized before being used in an LDAP search filter. This allows an attacker to manipulate the LDAP query by appending wildcard characters.
As a result, the server responds differently depending on whether the queried email exists in the LDAP directory, creating a response discrepancy that can be observed remotely.
This discrepancy enables an attacker to perform email enumeration attacks without needing an account, potentially revealing confidential information.
The attack is considered difficult to execute due to its high complexity, but a public proof-of-concept exploit is available.
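The root cause described above is a user-controlled value placed into an LDAP search filter without escaping, so a `*` in the input becomes a filter wildcard. The following is an added example, not code from ProjectSend or from the CVE record: it implements RFC 4515 filter-value escaping in Python, shows the unsafe and the hardened way of building an equality filter, and includes a check that tells whether a built filter still contains an unescaped wildcard. The function names, the `mail` attribute and the sample inputs are assumptions for illustration.

```python
# Added example (not ProjectSend code): RFC 4515 escaping for a user-supplied
# e-mail before it is interpolated into an LDAP search filter.
# Function names, the "mail" attribute and sample inputs are assumptions.

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_LDAP_FILTER_SPECIALS = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_LDAP_FILTER_SPECIALS.get(ch, ch) for ch in value)


def build_mail_filter_unsafe(email: str, attr: str = "mail") -> str:
    """The vulnerable pattern: raw interpolation, so '*' acts as a wildcard."""
    return f"({attr}={email})"


def build_mail_filter(email: str, attr: str = "mail") -> str:
    """The hardened pattern: escape the value, then interpolate."""
    return f"({attr}={escape_filter_value(email)})"


def is_wildcard_search(filter_str: str) -> bool:
    """Return True if a simple equality filter still has an unescaped '*'.

    Escaped sequences (backslash + two hex digits) are skipped, so an
    input of '*' that was escaped to '\\2a' is not reported.
    """
    # assertion value sits between the first '=' and the closing ')'
    value = filter_str[filter_str.index("=") + 1 : -1]
    i = 0
    while i < len(value):
        if value[i] == "\\":
            i += 3  # skip the \XX escape sequence
            continue
        if value[i] == "*":
            return True
        i += 1
    return False


if __name__ == "__main__":
    for raw in ("alice@example.test", "ali*", "a)(b"):
        print(f"{raw!r:22} unsafe={build_mail_filter_unsafe(raw)!r:24} "
              f"safe={build_mail_filter(raw)!r}")
```

With escaping in place the directory is asked only about the literal address the user typed, so a `*` can no longer widen the match set. The second half of this CVE, the response discrepancy (CWE-203/204), is addressed separately by returning the same message and similar timing whether or not the lookup found an entry.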
How can this vulnerability impact me?
This vulnerability impacts the confidentiality of information by allowing an attacker to enumerate email addresses in the LDAP directory through observable response discrepancies.
An attacker can remotely exploit this flaw without authentication, potentially gaining unauthorized knowledge about valid email accounts.
While the vulnerability does not affect integrity or availability, the exposure of sensitive information can lead to further targeted attacks or privacy violations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable ProjectSend application up to revision r1945, specifically by checking for the file includes/Classes/Auth.php.
One suggested method is to use Google Hacking techniques to search for URLs containing inurl:includes/Classes/Auth.php to find potentially vulnerable targets.
Since the vulnerability involves manipulation of the ldap_email parameter leading to response discrepancies, network detection could involve monitoring for unusual LDAP query patterns or error message discrepancies related to ldap_email parameters.
No specific commands are provided in the available resources.
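Since the record gives no detection commands, here is an added example (not from the CVE record or ProjectSend) of the kind of log check the answer above hints at: it parses web-server access-log lines, decodes the `ldap_email` query parameter, flags values that contain LDAP filter metacharacters, and counts lookups per client address so a burst of distinct e-mail probes from one source stands out. The log lines are constructed samples, the request path `/index.php` and the log format are assumptions, and the threshold is a tunable the operator chooses.

```python
# Added example (not ProjectSend code): flag ldap_email values carrying LDAP
# filter metacharacters and count lookups per client in an access log.
# Log lines below are constructed; the path /index.php is an assumption.
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Combined-log-style sample lines (constructed, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2026:10:00:01 +0000] "POST /index.php?ldap_email=alice%40example.test HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2026:10:00:02 +0000] "POST /index.php?ldap_email=bob%40example.test HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2026:10:00:03 +0000] "POST /index.php?ldap_email=ali%2A HTTP/1.1" 200 530
198.51.100.7 - - [12/Mar/2026:10:01:00 +0000] "POST /index.php?ldap_email=carol%40example.test HTTP/1.1" 200 512
198.51.100.7 - - [12/Mar/2026:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that change the meaning of an LDAP filter (RFC 4515).
FILTER_METACHARS = set("*()\\\x00")


def ldap_email_values(log_text: str):
    """Yield (client_ip, decoded ldap_email value) for each matching request."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        query = urlsplit(m["target"]).query
        for value in parse_qs(query).get("ldap_email", []):
            yield m["ip"], value


def flag_filter_metachars(log_text: str):
    """Return (ip, value) pairs whose ldap_email contains filter metacharacters."""
    return [
        (ip, value)
        for ip, value in ldap_email_values(log_text)
        if FILTER_METACHARS & set(value)
    ]


def count_lookups_per_ip(log_text: str, threshold: int):
    """Return {ip: n} for clients that sent at least `threshold` lookups."""
    counts = Counter(ip for ip, _ in ldap_email_values(log_text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("metacharacters:", flag_filter_metachars(SAMPLE_LOG))
    print("busy clients:  ", count_lookups_per_ip(SAMPLE_LOG, threshold=3))
```

If the parameter is sent in a POST body rather than the query string, the same functions can be fed the decoded body from a WAF or reverse-proxy log instead; the metacharacter and per-client frequency checks are unchanged.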
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been published for this vulnerability.
It is suggested to replace the affected component, or a ProjectSend installation at revision r1945 or earlier, with an alternative product or a fixed version if one is available.
Since the vendor did not respond to the disclosure, and the exploit is publicly available, immediate mitigation may require restricting access to the vulnerable application or implementing network-level protections to limit exposure.