15 matches found
EUVD-2025-17560
Malicious code in bioql PyPI...
EUVD-2023-44429
Malicious code in bioql PyPI...
Vigybag Security Vulnerability
Vigybag is an e-commerce platform by Vigybag India. A security vulnerability exists in Vigybag v1.0 and earlier versions, which stems from the Upload Profile Image feature in My Profile being vulnerable to cross-site scripting attacks...
CVE-2022-40878
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell PHP file in the profile page to achieve Remote Code Execution (RCE)...
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
PT-2025-18711 · Alanbinu007 · Spring-Boot-Advanced-Projects
Name of the Vulnerable Software and Affected Versions: AlanBinu007 Spring-Boot-Advanced-Projects versions up to 3.1.3 Description: A critical vulnerability was found in AlanBinu007 Spring-Boot-Advanced-Projects, affecting the function uploadUserProfileImage of the file...
CVE-2023-40050
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...
Bludit Path Traversal Vulnerability
Bludit is an open source, lightweight blog content management system (CMS). A path traversal vulnerability exists in Bludit version 3.8.1. An attacker can exploit the vulnerability by deleting arbitrary files /admin/ajax/upload-profile-picture...
CVE-2020-18190
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...
Directory traversal
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...
CVE-2020-18190
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture...
U.S. Dept Of Defense: IDOR on upload profile functionality
Vulnerable URL: https://██████████/███████ID/Common/EditOne/Person/accountid Steps to reproduce: 1. Browse the image and click on the upload button 2. Capture this request in Burp Suite 3. Change the value 'personId' parameter to account2 accountid (please see screenshot1) 4. Then goes to account2, th...