
Projectsend versions up to r1945 allow attackers to manipulate user data

CVE-2026-4045
Summary

A security issue exists in Projectsend versions up to r1945. By manipulating the ldap_email argument handled in includes/Classes/Auth.php, a remote attacker can cause an observable discrepancy in the system's response. The issue is not easy to exploit, but because an exploit is publicly available, we recommend upgrading to a patched version as soon as possible.

Original title
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable ...
Original description
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
NVD CVSS 2.0: 2.6
NVD CVSS 3.1: 3.7
NVD CVSS 4.0: 6.3
Vulnerability type
CWE-203
CWE-204
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026