From 2bc916afb68ba84c28dca132776882ccc3968db7 Mon Sep 17 00:00:00 2001
From: flor1der <166708713+flor1der@users.noreply.github.com>
Date: Mon, 9 Dec 2024 21:06:54 +0100
Subject: [PATCH] Create DIVD-2024-00051.md

---
 _cases/2024/DIVD-2024-00051.md | 45 ++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 _cases/2024/DIVD-2024-00051.md

diff --git a/_cases/2024/DIVD-2024-00051.md b/_cases/2024/DIVD-2024-00051.md
new file mode 100644
index 00000000..4bced00c
--- /dev/null
+++ b/_cases/2024/DIVD-2024-00051.md
@@ -0,0 +1,45 @@
+---
+layout: case
+title: "Improper authorization vulnerabilty in ProjectSend"
+author: Florian Krijt
+lead: Koen Schagen
+excerpt: "Improper authorization vulnerabilty, cve-2024-11680, in open-source file-sharing application: ProjectSend,"
+researchers:
+- Florian Krijt
+- Koen Schagen
+cves:
+- CVE-2024-11680
+product:
+- ProjectSend
+versions: 
+- ealier then r1720
+recommendation: "Upgrade to R1720 or later"
+workaround: "none"
+patch_status: Patch available
+status : Open
+start: 2024-12-09
+timeline:
+- start: 2024-12-09
+  end:
+  event: "DIVD starts researching the vulnerability."
+- start: 2024-12-09
+  end:
+  event: "DIVD finds fingerprint, preparing to scan."
+- start: 2024-12-09
+  end:
+  event: "Case opened and starting first scan."
+---
+
+## Summary
+
+A critical vulnerability in ProjectSend, a widely-used open-source file-sharing platform, has been actively exploited. The vulnerability, found in versions prior to r1720, enables unauthenticated attackers to modify application configurations via improperly authorised requests. This allows exploitation scenarios such as enabling unauthorised user registration, uploading PHP webshells, or embedding malicious JavaScript, leading to server compromise.
+
+## Recommendations
+
+To remediate {% cve CVE-2024-11680 %}, upgrade to version r1720 or later.
+
+## What we are doing
+
+DIVD is currently working to identify parties that are running a vulnerable version of ProjectSend and to notify these parties. 
+
+{% include timeline.html %}