39 matches found
CVE-2025-13814
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
EUVD-2025-199972
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...
Mogu blog 代码问题漏洞
Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A code issue vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a flaw in the function LocalFileServiceImpl.uploadPictureByUrl in the...
EUVD-2025-27513
Malicious code in bioql PyPI...
CVE-2025-10172 UTT 750W formPictureUrl buffer overflow
A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be...
PT-2025-37000
Name of the Vulnerable Software and Affected Versions: UTT 750W versions through 3.2.2-191225 Description: A buffer overflow issue exists due to the manipulation of the importpictureurl argument when processing the file /goform/formPictureUrl. This can be exploited remotely. Recommendations:...
UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00816)
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
CVE-2025-7118
A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely...
CVE-2024-1259
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument apppicurl leads to unrestricted upload. The...
PT-2024-17676 · Juanpao · Jpshop
Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical issue has been found in the API component, specifically affecting the actionUpdate function of the /api/controllers/merchant/design/MaterialController.php file. The manipulation of...
JPShop Code Issue Vulnerability
JPShop is an open source community group-buying micro-mall applet. A code issue vulnerability exists in Juanpao JPShop version 1.5.02 and prior versions, which stems from an incorrect operation of the parameter picurl that can lead to unrestricted uploads...
Juanpao JPShop Code Issue Vulnerability
JPShop is an open source community group-buying micro-mall applet. A code issue vulnerability exists in Juanpao JPShop version 1.5.02 and prior versions, which stems from an incorrect operation of the parameter apppicurl that can lead to unrestricted uploads...
CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
Cross site scripting
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...
VulnCheck KEV: CVE-2021-24654
The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored...
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
Beehive Forum Cross-Site Scripting Vulnerability
Beehive Forum is a set of Web forum software based on PHP and MySQL. The software provides text filtering, user rights management and e-mail notification. A cross-site scripting vulnerability exists in the editprefs.php script in Beehive Forum version 1.4.4, which stems from the program's failure...