Vulmon
avatar vulnerabilities and exploits
NA
CVE-2024-3437
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted uplo...
578
VMScore
CVE-2020-18476
SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field.
Hucart Hucart 5.7.4
312
VMScore
CVE-2018-10268
An issue exists in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
Fastadmin Fastadmin 1.0.0.20180417
312
VMScore
CVE-2022-24868
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions before 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a resu...
Glpi-project Glpi
312
VMScore
CVE-2020-13248
BooleBox Secure File Sharing Utility prior to 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
Boolebox Boolebox
890
VMScore
CVE-2011-5133
Unspecified vulnerability in MyBB prior to 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
Mybb Mybb 1.6.0
Mybb Mybb 1.5.2
Mybb Mybb 1.4.8
Mybb Mybb 1.4.1
Mybb Mybb 1.4.15
Mybb Mybb 1.4.0
Mybb Mybb 1.3
Mybb Mybb 1.2.12
Mybb Mybb 1.2.9
Mybb Mybb 1.2.6
Mybb Mybb 1.2.5
Mybb Mybb 1.1.6
Mybb Mybb 1.1.1
Mybb Mybb 1.6.1
Mybb Mybb 1.6.2
Mybb Mybb 1.6.3
Mybb Mybb 1.5.1
Mybb Mybb 1.4.13
Mybb Mybb 1.4.12
Mybb Mybb 1.4.7
Mybb Mybb 1.4.5
Mybb Mybb 1.2.13
383
VMScore
CVE-2005-0662
Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the Avatar field.
Mercuryboard Mercuryboard 1.1.2
668
VMScore
CVE-2016-11020
Kunena prior to 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
Kunena Kunena
NA
CVE-2024-24028
Server Side Request Forgery (SSRF) vulnerability in Likeshop prior to 2.5.7 allows malicious users to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.
668
VMScore
CVE-2005-0743
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and previous versions allows remote malicious users to upload arbitrary PHP scripts, whose file extensions are not filtered.
Xoops Xoops 1.0 Rc1
Xoops Xoops 1.0 Rc3
Xoops Xoops 1.3.9
Xoops Xoops 2.0
Xoops Xoops 1.3.5
Xoops Xoops 1.3.6
Xoops Xoops 2.0.5
Xoops Xoops 2.0.5.1
Xoops Xoops 1.3.7
Xoops Xoops 1.3.8
Xoops Xoops 2.0.5.2
Xoops Xoops 2.0.9.2
Xoops Xoops 1.0 Rc3.0.5
Xoops Xoops 1.3.10
Xoops Xoops 2.0.1
Xoops Xoops 2.0.2
Xoops Xoops 2.0.3