9 matches found
EUVD-2025-12568
Malicious code in bioql PyPI...
CVE-2025-4012
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
CVE-2025-4012
PlayEdu PlayEdu 开源培训系统 (playeduxyz) versions up to 1.8 contain a vulnerability in the User Avatar Handler’s /api/backend/v1/user/create endpoint. The issue arises from manipulating the Avatar argument, enabling server-side request forgery (SSRF). Attacks can be initiated remotely, and the exploit...
CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery
A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...
PlayEdu 代码问题漏洞
PlayEdu is an industry-leading online training solution from the China PlayEdu team. A code issue vulnerability exists in PlayEdu 1.8 and earlier versions, which stems from a server-side request forgery due to incorrect operation of the parameter Avatar in the file /api/backend/v1/user/create...
PT-2025-18053 · Playedu · Playedu
Name of the Vulnerable Software and Affected Versions: playeduxyz PlayEdu versions 1.8 and earlier Description: A problem was found in the processing of the "/api/backend/v1/user/create" file of the User Avatar Handler component. The manipulation of the Avatar argument leads to server-side reques...