avatar vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-20588
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote malicious users to run arbitrary code via avatar upload to index.php.
Ibarn Project Ibarn 1.5
8
CVSSv3
CVE-2020-12846
Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox ...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite 9.0.0
6.1
CVSSv3
CVE-2021-35303
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via the User Avatar attribute.
Zammad Zammad
NA
CVE-2006-7080
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and previous versions allows remote malicious users to delete arbitrary files via ".." sequences in the old_avatar parameter.
Exv2 Content Management System
1 EDB exploit
5.4
CVSSv3
CVE-2023-49444
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows malicious users to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.
Html-js Doracms 2.1.8
9.8
CVSSv3
CVE-2020-19302
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows malicious users to open a webshell via changing uploaded file suffixes to ".php".
Vaethink Vaethink 1.0.1
4.6
CVSSv3
CVE-2023-30791
Plane version 0.7.1-dev allows a malicious user to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.
Plane Plane 0.7.1
7.8
CVSSv3
CVE-2023-43838
An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows malicious users to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar.
Personal-management-system Personal Management System 1.4.64
1 Github repository
5.4
CVSSv3
CVE-2021-43659
In halo 1.4.14, the avatar upload function accepts any file; uploading an HTML file, for example, causes a stored XSS vulnerability.
Halo Halo 1.4.14
7.2
CVSSv3
CVE-2022-23906
CMS Made Simple v2.2.15 contains a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.
Cmsmadesimple Cms Made Simple 2.2.15