{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4044", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-12T09:07:40.791Z", "datePublished": "2026-03-12T15:32:11.910Z", "dateUpdated": "2026-03-12T15:40:19.925Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T15:32:11.910Z"}, "title": "projectsend Delete import-orphans.php realpath path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "n/a", "product": "projectsend", "versions": [{"version": "r1945", "status": "affected"}], "cpes": ["cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:*"], "modules": ["Delete Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.7, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-03-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-12T10:13:35.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "0xNayel (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.350656", "name": "VDB-350656 | projectsend Delete import-orphans.php realpath path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350656", "name": "VDB-350656 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769528", "name": "Submit #769528 | projectsend 35dfd6f08f7d517709c77ee73e57367141107e6b Path Traversal", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1BOWm9FvhmM90oP91rOWpI4GoWdbI06wg/view?usp=sharing", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T15:40:11.075051Z", "id": "CVE-2026-4044", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:40:19.925Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4044", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T15:40:11.075051Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:40:15.324Z"}}], "cna": {"title": "projectsend Delete import-orphans.php realpath path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "0xNayel (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.7, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["Delete Handler"], "product": "projectsend", "versions": [{"status": "affected", "version": "r1945"}]}], "timeline": [{"lang": "en", "time": "2026-03-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-12T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-12T10:13:35.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350656", "name": "VDB-350656 | projectsend Delete import-orphans.php realpath path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350656", "name": "VDB-350656 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769528", "name": "Submit #769528 | projectsend 35dfd6f08f7d517709c77ee73e57367141107e6b Path Traversal", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1BOWm9FvhmM90oP91rOWpI4GoWdbI06wg/view?usp=sharing", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T15:32:11.910Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4044", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:40:19.925Z", "dateReserved": "2026-03-12T09:07:40.791Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-12T15:32:11.910Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en projectsend hasta r1945. Esto afecta a la funci\u00f3n realpath del archivo /import-orphans.PHP del componente Gestor de Eliminaci\u00f3n. Realizar una manipulaci\u00f3n del argumento files[] resulta en salto de ruta. Es posible la explotaci\u00f3n remota del ataque. El exploit es ahora p\u00fablico y puede ser utilizado. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-4044", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-12T16:16:11.863", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1BOWm9FvhmM90oP91rOWpI4GoWdbI06wg/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.350656"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.350656"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.769528"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "r1945"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "projectsend", "source": "cna", "vendor": "n/a"}, "product": "projectsend", "vendor": "projectsend"}], "analysis": {"en": {"generated_at": "2026-03-18T15:13:55.375502+00:00", "value": {"mitigation_remediation": ["Check your Projectsend version. If it is r1945 or earlier, consider upgrading to a newer release that removes the vulnerable code.", "If an upgrade is not immediately possible, restrict access to import-orphans.php to trusted administrators or disable the script entirely if not required.", "Monitor web server logs for suspicious requests to import-orphans.php and investigate any unauthorized file access attempts.", "Contact the Projectsend maintainers for a patch or further guidance."], "summary": {"action": "Assess Impact", "impact": "Path Traversal (Remote File Access)"}, "threat_synthesis": {"affected_systems": "The affected product is Projectsend, any version up to revision r1945. No specific sub-modules are listed; the path traversal occurs in the Delete Handler component's import-orphans.php script.", "description_and_impact": "A vulnerability in Projectsend up to revision r1945 allows an attacker to perform a path traversal attack by manipulating the files[] parameter in import-orphans.php. This flaw exploits the realpath function, enabling the attacker to read arbitrary files on the server. Remote exploitation is possible and the exploit is publicly available, potentially compromising confidentiality of sensitive files.", "risk_and_exploitability": "The CVSS score for this issue is 5.1, indicating a moderate severity. The EPSS score is below 1%, suggesting low probability of exploitation, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. The exposure is via a web request, so an attacker only needs remote access to the vulnerable endpoint to manipulate the files[] argument and trigger the path traversal. There is no official patch or workaround provided by the vendor, so the risk remains until a newer release or fix is applied."}}}}, "created": "2026-03-13T09:53:01.272040+00:00", "updated": "2026-03-20T15:49:38.319238+00:00", "vendors": ["projectsend", "projectsend$PRODUCT$projectsend"]}