Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2020-5501
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
Phpbb Phpbb 3.2.8
6.5
CVSSv3
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
Phpbb Phpbb 3.2.7
4.3
CVSSv3
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and previous versions allows attackers with Overall/Read access to change the avatar of any user of Jenkins.
Jenkins Avatar
8.8
CVSSv3
CVE-2019-12099
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
Php-fusion Php-fusion
5.8
CVSSv3
CVE-2019-11767
Server side request forgery (SSRF) in phpBB prior to 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.
Phpbb Phpbb
8.8
CVSSv3
CVE-2019-11447
An issue exists in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The h...
Cutephp Cutenews 2.1.2
8 Github repositories
8.8
CVSSv3
CVE-2018-18382
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
Coderpixel Advanced Hrm 1.6
8.8
CVSSv3
CVE-2018-14570
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified...
Niushop B2b2c Multi-business 1.11
6.5
CVSSv3
CVE-2018-1354
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
Fortinet Fortianalyzer
Fortinet Fortimanager
9.8
CVSSv3
CVE-2018-7679
Micro Focus Solutions Business Manager versions before 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
Microfocus Solutions Business Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »