6 matches found
CVE-2025-70151
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints updateprofilepicture.php and uploadpicture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied...
EUVD-2024-33432
Malicious code in bioql PyPI...
CVE-2024-10528
CVE-2024-10528 (Ultimate Member) affects WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership. The root cause is a missing capability check in the image resize handlers (wp_ajax_um_resize_image() and ajax_resize_image()), which a...
PT-2024-26936 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue arises when Mattermost is used with shared channels and multiple remote servers are connected. In such cases, the system fails to verify that the remote...
CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2023-41506
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...