
49 matches found

RedhatCVE
added 2026/01/19 1:23 a.m., 4 views

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00021
Exploits: 1, References: 1

NVD
added 2026/01/18 1:15 a.m., 3 views

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...

CVSS: 9.8, EPSS: 0.00021
Exploits: 1, References: 5

ATTACKERKB
added 2026/01/18 12:32 a.m., 2 views

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...

CVSS: 6.5, AI score: 5, EPSS: 0.00021
Exploits: 1, References: 5

Positive Technologies
added 2026/01/18 12:0 a.m., 5 views

PT-2026-3375

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploi...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00021
Exploits: 1, References: 6

CNNVD
added 2026/01/18 12:0 a.m., 3 views

EyouCMS code-related vulnerabilities

EyouCMS is an open-source content management system (CMS) developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.1/5.0 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the viewfile parameter in the checkuserinfo function of the...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00021
Exploits: 1, References: 6

RedhatCVE
added 2025/10/20 7:28 p.m., 4 views

CVE-2025-11941

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack remotely...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00121
Exploits: 1, References: 1

EUVD
added 2025/10/19 6:30 p.m., 3 views

EUVD-2025-35005

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00121
Exploits: 1, References: 6

NVD
added 2025/10/19 4:15 p.m., 4 views

CVE-2025-11941

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

CVSS: 8.1, EPSS: 0.00121
Exploits: 1, References: 5

OSV
added 2025/10/19 4:15 p.m., 2 views

CVE-2025-11941

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

CVSS: 8.1, AI score: 6.7
Exploits: 0, References: 5

CVE
added 2025/10/19 3:32 p.m., 7 views

CVE-2025-11941

CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...

CVSS: 8.1, AI score: 5.5, EPSS: 0.00121
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2025/10/19 3:32 p.m., 9 views

CVE-2025-11941 e107 CMS Avatar image.php path traversal

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

CVSS: 5.5, EPSS: 0.00121
Exploits: 1, References: 5

Vulnrichment
added 2025/10/19 3:32 p.m., 2 views

CVE-2025-11941 e107 CMS Avatar image.php path traversal

A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction results in path traversal. It is possible to initiate the attack...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00121
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-42915

Malicious code in bioql PyPI...

CVSS: 7.2, AI score: 7.1, EPSS: 0.00318
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-15984

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 5.4, EPSS: 0.00064
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-24129

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 7, EPSS: 0.00446
Exploits: 1, References: 3

OSSF Malicious Packages
added 2025/07/17 7:19 p.m., 2 views

Malicious code in avatar-handler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3750cf8fac7fc22334d1fb416e7f3af691425c669829dcc9857abdc1384bbb7 Code pretending to handle downloading an image, but in fact is prepared to download and execute a PowerShell script image properties. No known usage ---...

AI score: 7.2
Exploits: 0, References: 1

OSV
added 2025/07/17 7:19 p.m., 2 views

MAL-2025-191685 Malicious code in avatar-handler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3750cf8fac7fc22334d1fb416e7f3af691425c669829dcc9857abdc1384bbb7 Code pretending to handle downloading an image, but in fact is prepared to download and execute a PowerShell script image properties. No known usage ---...

AI score: 7.1
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:33 a.m., 5 views

CVE-2024-0185

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00064
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:2 a.m., 1 views

CVE-2023-1942

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00446
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 1:20 a.m., 3 views

CVE-2022-3549

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manageuser of the component Avatar Handler. The manipulation leads to unrestricted upload. The...

CVSS: 7.2, AI score: 6.9, EPSS: 0.00318
Exploits: 0, References: 1