CVE-2025-4012

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...

CVE-2025-4012

PlayEdu PlayEdu 开源培训系统 (playeduxyz) versions up to 1.8 contain a vulnerability in the User Avatar Handler’s /api/backend/v1/user/create endpoint. The issue arises from manipulating the Avatar argument, enabling server-side request forgery (SSRF). Attacks can be initiated remotely, and the exploit...

CVE-2025-4012 playeduxyz PlayEdu 开源培训系统 User Avatar create server-side request forgery

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery. Th...