13 matches found
CVE-2025-12862
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploi...
EUVD-2022-52330
Malicious code in bioql PyPI...
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
CVE-2024-40513
CVE-2024-40513 affects themesebrand Chatvia v5.3.2. The vulnerability allows remote attackers to execute arbitrary code via the User profile Upload image function. Public details confirm impact and affected version; however, the exact root cause and exploit details are not provided in the documen...
CVE-2024-23734
Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link...
CVE-2024-23734
Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link...
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
Information disclosure
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
Merchandise Online Store 代码问题漏洞
Merchandise Online Store is a Merchandise Online Store system developed by Carlo Montero. A security vulnerability exists in Merchandise Online Store v1.0, which is caused by a remote code injection issue in the user profile upload port on the system information page...
CVE-2022-30423
CVE-2022-30423 affects Merchandise Online Store v1.0 by oretnom23. The vulnerability is described as an arbitrary code execution (RCE) in the user profile upload point on the system information page. The available connected documents corroborate an RCE impact but do not provide technical details ...
CVE-2022-30423
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution RCE vulnerability in the user profile upload point in the system information...
MTN Group: Remote code execution due to unvalidated file upload
Summary: Hello I found a critical vunerability in one of your site, where user can upload any file type as a profile picture including php file Steps To Reproduce: 1. Visit https://careers.mtn.cm and register as a user. 2. After successful registration, login and update your data. 3. When uploadi...