Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3437
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted uplo...
312
VMScore
CVE-2018-10268
An issue exists in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
Fastadmin Fastadmin 1.0.0.20180417
578
VMScore
CVE-2020-18476
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
Hucart Hucart 5.7.4
312
VMScore
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a resu...
Glpi-project Glpi
890
VMScore
CVE-2011-5133
Unspecified vulnerability in MyBB prior to 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
Mybb Mybb 1.6.0
Mybb Mybb 1.5.2
Mybb Mybb 1.4.8
Mybb Mybb 1.4.1
Mybb Mybb 1.4.15
Mybb Mybb 1.4.0
Mybb Mybb 1.3
Mybb Mybb 1.2.12
Mybb Mybb 1.2.9
Mybb Mybb 1.2.6
Mybb Mybb 1.2.5
Mybb Mybb 1.1.6
Mybb Mybb 1.1.1
Mybb Mybb 1.6.1
Mybb Mybb 1.6.2
Mybb Mybb 1.6.3
Mybb Mybb 1.5.1
Mybb Mybb 1.4.13
Mybb Mybb 1.4.12
Mybb Mybb 1.4.7
Mybb Mybb 1.4.5
Mybb Mybb 1.2.13
312
VMScore
CVE-2020-13248
BooleBox Secure File Sharing Utility prior to 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
Boolebox Boolebox
383
VMScore
CVE-2005-0662
Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the Avatar field.
Mercuryboard Mercuryboard 1.1.2
668
VMScore
CVE-2016-11020
Kunena prior to 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
Kunena Kunena
NA
CVE-2024-24028
Server Side Request Forgery (SSRF) vulnerability in Likeshop prior to 2.5.7 allows malicious users to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.
NA
CVE-2020-20588
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote malicious users to run arbitrary code via avatar upload to index.php.
Ibarn Project Ibarn 1.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »