PT-2024-34376 · Unknown · Python Book

Name of the Vulnerable Software and Affected Versions: python book version V1.0 Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...

PT-2024-34380 · Java Shop · Java Shop

Name of the Vulnerable Software and Affected Versions: java shop version 1.0 Description: A file upload issue allows attackers to upload arbitrary files by modifying the avatar function. This enables them to upload any file they want by changing the avatar function. Recommendations: For java shop...

PT-2024-37984 · Flute Cms · Flute Cms

Name of the Vulnerable Software and Affected Versions: Flute CMS version 0.2.2.4-alpha Description: A critical issue affects the Avatar Upload Page component, specifically the file app/Core/Http/Controllers/Profile/ImagesController.php. The manipulation of the avatar argument leads to unrestricte...

PT-2023-14965 · 72Crm · 72Crm

Name of the Vulnerable Software and Affected Versions: 72crm version 9 Description: The issue is related to an arbitrary file upload vulnerability via the avatar upload function, allowing attackers to execute arbitrary code by uploading a crafted PHP file. Recommendations: For 72crm version 9,...

PT-2021-11668 · Atlassian · Confluence

Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server and Data Center versions prior to 7.2.0 Description: The issue allows remote attackers to impact the application's availability via a Denial of Service DoS vulnerability in the avatar upload feature. Recommendation...