16 matches found
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
EUVD-2025-202983
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
CVE-2025-13320 WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
PT-2025-50815
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filter...
EUVD-2021-29071
Malicious code in bioql PyPI...
CVE-2021-42085
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar...
CVE-2021-42085
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar...
CVE-2021-42085
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar...
Cross site scripting
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar...
CVE-2021-42085
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar...
Zammad cross-site scripting vulnerability
Zammad is a Web-based open source help desk/customer support system. Versions prior to Zammad 4.1.1 are vulnerable to a stored cross-site scripting vulnerability. An attacker could exploit the vulnerability to inject malicious JavaScript code via a custom avatar...
CVE-2005-1031
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files...
CVE-2005-0743
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...
runcms/e-xoops 1.1A and below file upload vulnerability
Products: runcms/e-xoops 1.1A http://www.runcms.org Summary: runcms/e-xoops 1.1A and below file upload vulnerability Description: runcms/e-xoops is an extensible, OO (Object Oriented), easy to use dynamic web content management system written in PHP. runcms/e-xoops is the ideal tool for...
CVE-2005-0743
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...