6 matches found
CVE-2025-5007
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachmen...
CVE-2025-5007
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachmen...
CVE-2025-5007 Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachmen...
CVE-2025-5007
Part-DB up to 1.17.0 exposes a cross-site scripting (XSS) vulnerability in the Profile Picture Feature. The issue lies in handleUpload (src/Services/Attachments/AttachmentSubmitHandler.php) where the attachment argument can be manipulated to inject scripts. It can be exploited remotely and an exp...
PT-2025-3436 · Wallos · Wallos
Name of the Vulnerable Software and Affected Versions: Wallos version 2.41.0 Description: The issue allows a remote attacker to execute arbitrary code via the profile picture function. This is a result of a Cross Site Scripting vulnerability. Recommendations: For Wallos version 2.41.0, consider...
Student Enrollment In PHP Security Vulnerability
Student Enrollment In PHP is a code-projects open source student enrollment system. A security vulnerability exists in Student Enrollment In PHP version 1.0 due to an arbitrary file upload vulnerability in the Add Students Profile Picture feature...