CVE-2023-53980

CRITICAL

ProjectSend r1605 - Remote Code Execution via File Extension Manipulation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53980. PoCs published by Mirabbas Ağalarov.

AI-analyzed exploit summary: This exploit leverages file extension manipulation in ProjectSend r1605 to bypass upload restrictions and achieve remote code execution via a reverse shell. The attacker uploads a malicious file with a deceptive extension and then renames it to execute arbitrary code.

Description

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.

Exploits (1)

exploitdb WORKING POC
by Mirabbas Ağalarov · text · webapps · php
https://www.exploit-db.com/exploits/51238


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: projectSend r1605
Auth required
Prerequisites: Access to upload functionality · Valid session (PHPSESSID) · Network connectivity for reverse shell
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51238

Scores

CVSS v3 9.8
EPSS 0.0081
EPSS Percentile 52.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE: CWE-434
Status: published
Products (1)
projectsend/projectsend r1605
Published Dec 22, 2025
Tracked Since Feb 18, 2026