
7 matches found

Positive Technologies
added 2025/09/16 12:0 a.m., 1 views

PT-2025-38005

Name of the Vulnerable Software and Affected Versions: code-projects Computer Laboratory System version 1.0. Description: The Computer Laboratory System contains a file upload issue. Staff members can upload malicious files, specifically PHP backdoor files, when modifying their avatar information...

CVSS: 7.3, AI score: 6.7, EPSS: 0.00034
Exploits: 1, References: 4
NVD
added 2025/08/21 12:15 p.m., 2 views

CVE-2025-9296

A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=updateavatar. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

CVSS: 9.8, EPSS: 0.00137
Exploits: 1, References: 4
OSV
added 2024/01/22 8:15 p.m., 2 views

CVE-2023-6384

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar...

CVSS: 4.3, AI score: 7.4
Exploits: 0, References: 1
OSV
added 2021/10/18 2:15 p.m., 1 views

CVE-2021-24675

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on a page where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...

CVSS: 6.5, AI score: 5.8
Exploits: 0, References: 1
WPVulnDB
added 2021/09/20 12:0 a.m., 20 views

One User Avatar < 2.3.7 - Avatar Update via CSRF

The plugin does not check for CSRF when updating the avatar on a page where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack. PoC Click POST /one-user-avatar-avatar-upload/ HTTP/1.1 Accept:...

CVSS: 6.5, AI score: 3, EPSS: 0.00103
Exploits: 2, Affected Software: 1
Prion
added 2020/05/19 4:15 p.m., 12 views

Unrestricted file upload

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code and sometimes terminal commands on a server by making an avatar update and then visiting the avatar file under the /images/ path...

CVSS: 4.6, AI score: 7.8, EPSS: 0.0007
Exploits: 1, References: 2, Affected Software: 1
seebug.org
added 2014/12/01 12:0 a.m., 22 views

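phpok: a SQL injection

Brief description: phpok4.2.083, freshly downloaded. Detailed explanation: 1. The safekey is fixed, which makes the encryption function reversible. 2. The attack request is sent after encrypting with the fixed safekey; the encrypted content is decrypted in the code, which bypasses the filtering. In /install/index.php: $content = filegetcontentsROOT."config.php"; // find and replace $content = pregreplace'/$config"db"\"file"\s=\s'|"a-zA-Z0-9-\'|";/isU','$config"db""file" = "'.$dbconfig'file'.'";',$content;...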

AI score: 7.1
Exploits: 0