Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
avatar vulnerabilities and exploits
(subscribe to this query)
6.3
CVSSv2
CVE-2009-4449
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibl...
Mybboard Mybb 1.4.10
4.3
CVSSv2
CVE-2020-5501
phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
Phpbb Phpbb 3.2.8
5
CVSSv2
CVE-2021-43180
In JetBrains Hub prior to 2021.1.13690, information disclosure via avatar metadata is possible.
Jetbrains Hub
6.5
CVSSv2
CVE-2022-26605
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.
Dascomsoft Eziosuite 2.0.7
5
CVSSv2
CVE-2021-29134
The avatar middleware in Gitea prior to 1.13.6 allows Directory Traversal via a crafted URL.
Gitea Gitea
3.5
CVSSv2
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
10
CVSSv2
CVE-2021-42669
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by a...
Engineers Online Portal Project Engineers Online Portal -
2 Github repositories
4.3
CVSSv2
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
Forestblog Project Forestblog
3.5
CVSSv2
CVE-2018-10268
An issue exists in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
Fastadmin Fastadmin 1.0.0.20180417
6.5
CVSSv2
CVE-2020-18476
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
Hucart Hucart 5.7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »