Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2023-53930

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php.

Published: Dec 17, 2025
Updated: Dec 19, 2025
CVE: CVE-2023-53930
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://www.exploit-db.com/exploits/51400
https://www.projectsend.org/
https://www.vulncheck.com/advisories/projectsend-insecure-direct-object-reference-file-download-vulnerability

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo