49 matches found
CVE-2025-4012
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012
PlayEdu PlayEdu 开源培训系统 (playeduxyz) versions up to 1.8 contain a vulnerability in the User Avatar Handler’s /api/backend/v1/user/create endpoint. The issue arises from manipulating the Avatar argument, enabling server-side request forgery (SSRF). Attacks can be initiated remotely, and the exploit...
PT-2024-17375 · Jpress · Jpress
Name of the Vulnerable Software and Affected Versions: jpress version 5.1.2 Description: A problematic issue was found in the Avatar Handler component, affecting an unknown functionality of the file /commons/attachment/upload. The manipulation of the files argument leads to cross-site scripting...
CVE-2024-3437
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack ma...
CVE-2024-3437 SourceCodester Prison Management System Avatar add-admin.php unrestricted upload
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack ma...
CVE-2024-3437 SourceCodester Prison Management System Avatar add-admin.php unrestricted upload
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack ma...
CVE-2024-3437
CVE-2024-3437 affects SourceCodester Prison Management System 1.0, specifically the Avatar Handler in /Admin/add-admin.php. The avatar parameter can be manipulated to achieve unrestricted file upload, enabling remote exploitation. Multiple sources confirm a remote, unauthenticated impact with pub...
Prison Management System 代码问题漏洞
Prison Management System is a prison management system developed by Carlo Montero. A code issue exists in Prison Management System version 1.0, which is caused by an unrestricted file upload in the avatar parameter of the component Avatar Handler file in /Admin/edit-photo.php...
CVE-2024-3436 SourceCodester Prison Management System Avatar edit-photo.php unrestricted upload
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack c...
CVE-2024-3436
CVE-2024-3436 affects SourceCodester Prison Management System 1.0, targeting the Avatar Handler’s /Admin/edit-photo.php. The vulnerability is an unrestricted upload via manipulation of the avatar parameter, allowing remote exploitation. Multiple connected sources confirm the same issue and identi...
PT-2024-25828 · Sourcecodester · Sourcecodester Prison Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A critical issue affects the Avatar Handler component, specifically the file /Admin/add-admin.php. The manipulation of the avatar argument leads to unrestricted upload. This iss...
PT-2024-25817 · Sourcecodester · Sourcecodester Prison Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Prison Management System version 1.0 Description: A critical issue was discovered in the Avatar Handler component, specifically affecting the /Admin/edit-photo.php file. The avatar argument is vulnerable to manipulation, leadin...
CVE-2024-0185
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...
CVE-2024-0185 RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...
CVE-2024-0185
CVE-2024-0185 concerns RRJ Nueva Ecija Engineer Online Portal v1.0. The vulnerability affects the Avatar Handler’s dasboard_teacher.php, where manipulation enables unrestricted file uploads. Exploitation is described as remote and publicly disclosed. Affected product is RRJ Nueva Ecija Engineer O...
CVE-2024-0185 RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboardteacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely...
PT-2024-15369 · Unknown · Rrj Nueva Ecija Engineer Online Portal
Name of the Vulnerable Software and Affected Versions: RRJ Nueva Ecija Engineer Online Portal version 1.0 Description: A critical issue affects the processing of the file dasboard teacher.php of the component Avatar Handler, leading to unrestricted upload. The attack may be initiated remotely...
CVE-2023-1942
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can...