5 matches found
GHSA-R2JV-FWFR-4J8C askbot inexhaustive permissions check allows any user to modify a different user's profile picture
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the adminorownerrequired function in avatarview.py. An attacker can alter other users' profile images by sending crafted requests while authenticated with standard user privileges...
EUVD-2026-4756
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
EUVD-2015-3247
Malware in sbrugna...