Skip to main content

Avatar Uploader

4 CVEs product

Monthly

CVE-2022-50957 MEDIUM POC This Month

Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avatar Uploader
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2018-9205 HIGH POC THREAT This Week

Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Avatar Uploader
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
56.9%
CVE-2015-2087 MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Avatar Uploader
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-9155 MEDIUM PATCH This Month

Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Avatar Uploader
NVD
CVSS 2.0
4.0
EPSS
0.7%
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avatar Uploader
NVD Exploit-DB
EPSS 57% CVSS 7.5
HIGH POC THREAT This Week

Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Avatar Uploader
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP File Upload Avatar Uploader
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Avatar Uploader
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy