Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2012-2670
manageuser.php in Collabtive prior to 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then ...
O-dyn Collabtive 0.7
O-dyn Collabtive 0.6.5
O-dyn Collabtive 0.6.4
O-dyn Collabtive
5
CVSSv2
CVE-2021-43180
In JetBrains Hub prior to 2021.1.13690, information disclosure via avatar metadata is possible.
Jetbrains Hub
4.3
CVSSv2
CVE-2020-5501
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
Phpbb Phpbb 3.2.8
6.5
CVSSv2
CVE-2022-26605
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.
Dascomsoft Eziosuite 2.0.7
5
CVSSv2
CVE-2021-29134
The avatar middleware in Gitea prior to 1.13.6 allows Directory Traversal via a crafted URL.
Gitea Gitea
10
CVSSv2
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by a...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
3.5
CVSSv2
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
4.3
CVSSv2
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
Forestblog Project Forestblog
NA
CVE-2024-3436
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upl...
4.6
CVSSv2
CVE-2008-6502
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1)...
Prochatrooms Pro Chat Rooms 3.0.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »