ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.Referenceshttps://github.com/sandboxescape/ProjectSend-multiple-vulnerabilities/
