Lucene search
K

49 matches found

RedhatCVE
RedhatCVE
added 2025/04/30 8:59 a.m.18 views

CVE-2025-4012

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

7.5CVSS6.8AI score0.00385EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/28 8:31 a.m.37 views

CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

5.1CVSS0.00385EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/04/28 8:31 a.m.12 views

CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

5.1CVSS3.8AI score0.00385EPSS
Exploits1References4
CVE
CVE
added 2025/04/28 8:31 a.m.73 views

CVE-2025-4012

PlayEdu PlayEdu 开源培训系统 (playeduxyz) versions up to 1.8 contain a vulnerability in the User Avatar Handler’s /api/backend/v1/user/create endpoint. The issue arises from manipulating the Avatar argument, enabling server-side request forgery (SSRF). Attacks can be initiated remotely, and the exploit...

7.5CVSS3.8AI score0.00385EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.5 views

PT-2024-17375 · Jpress · Jpress

Name of the Vulnerable Software and Affected Versions: jpress version 5.1.2 Description: A problematic issue was found in the Avatar Handler component, affecting an unknown functionality of the file /commons/attachment/upload. The manipulation of the files argument leads to cross-site scripting...

5.4CVSS4.2AI score0.00517EPSS
Exploits1References9
NVD
NVD
added 2024/04/08 12:15 a.m.10 views

CVE-2024-3437

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack ma...

7.5CVSS7.3AI score0.01063EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/04/08 12:0 a.m.12 views

CVE-2024-3437 SourceCodester Prison Management System Avatar add-admin.php unrestricted upload

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack ma...

7.5CVSS6.9AI score0.01063EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/04/08 12:0 a.m.16 views

CVE-2024-3437 SourceCodester Prison Management System Avatar add-admin.php unrestricted upload

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack ma...

7.5CVSS7.5AI score0.01063EPSS
Exploits1References4
CVE
CVE
added 2024/04/08 12:0 a.m.73 views

CVE-2024-3437

CVE-2024-3437 affects SourceCodester Prison Management System 1.0, specifically the Avatar Handler in /Admin/add-admin.php. The avatar parameter can be manipulated to achieve unrestricted file upload, enabling remote exploitation. Multiple sources confirm a remote, unauthenticated impact with pub...

7.5CVSS7.3AI score0.01063EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.5 views

Prison Management System 代码问题漏洞

Prison Management System is a prison management system developed by Carlo Montero. A code issue exists in Prison Management System version 1.0, which is caused by an unrestricted file upload in the avatar parameter of the component Avatar Handler file in /Admin/edit-photo.php...

7.2CVSS6.8AI score0.00912EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/04/07 11:31 p.m.12 views

CVE-2024-3436 SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack c...

6.5CVSS7.1AI score0.00912EPSS
Exploits1References4
CVE
CVE
added 2024/04/07 11:31 p.m.74 views

CVE-2024-3436

CVE-2024-3436 affects SourceCodester Prison Management System 1.0, targeting the Avatar Handler’s /Admin/edit-photo.php. The vulnerability is an unrestricted upload via manipulation of the avatar parameter, allowing remote exploitation. Multiple connected sources confirm the same issue and identi...

7.2CVSS6.5AI score0.00912EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/07 12:0 a.m.5 views

PT-2024-25828 · Sourcecodester · Sourcecodester Prison Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A critical issue affects the Avatar Handler component, specifically the file /Admin/add-admin.php. The manipulation of the avatar argument leads to unrestricted upload. This iss...

7.5CVSS7.4AI score0.01063EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/04/07 12:0 a.m.4 views

PT-2024-25817 · Sourcecodester · Sourcecodester Prison Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A critical issue was discovered in the Avatar Handler component, specifically affecting the /Admin/edit-photo.php file. The avatar argument is vulnerable to manipulation, leadin...

7.2CVSS6.5AI score0.00912EPSS
Exploits1References6
OSV
OSV
added 2024/01/02 1:15 a.m.3 views

CVE-2024-0185

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...

8.8CVSS5.6AI score0.00803EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/01/02 12:0 a.m.24 views

CVE-2024-0185 RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...

5.8CVSS9AI score0.00803EPSS
Exploits1References3
CVE
CVE
added 2024/01/02 12:0 a.m.53 views

CVE-2024-0185

CVE-2024-0185 concerns RRJ Nueva Ecija Engineer Online Portal v1.0. The vulnerability affects the Avatar Handler’s dasboard_teacher.php, where manipulation enables unrestricted file uploads. Exploitation is described as remote and publicly disclosed. Affected product is RRJ Nueva Ecija Engineer O...

8.8CVSS8.7AI score0.00803EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/02 12:0 a.m.9 views

CVE-2024-0185 RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...

5.8CVSS6.9AI score0.00803EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/01 12:0 a.m.4 views

PT-2024-15369 · Unknown · Rrj Nueva Ecija Engineer Online Portal

Name of the Vulnerable Software and Affected Versions: RRJ Nueva Ecija Engineer Online Portal version 1.0 Description: A critical issue affects the processing of the file dasboard teacher.php of the component Avatar Handler, leading to unrestricted upload. The attack may be initiated remotely...

8.8CVSS7AI score0.00803EPSS
Exploits1References8
NVD
NVD
added 2023/04/07 6:15 p.m.25 views

CVE-2023-1942

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can...

9.8CVSS7.2AI score0.00893EPSS
Exploits1References3
Rows per page
Query Builder