CVE-2025-4012 | playeduxyz PlayEdu 开源培训系统 up to 1.8 User Avatar create server-side request forgery

A vulnerability was found in playeduxyz PlayEdu 开源培训系统 up to 1.8 and classified as problematic. This issue affects some unknown processing of the file /api/backend/v1/user/create of the component User Avatar Handler. The manipulation of the argument Avatar leads to server-side request forgery.

The identification of this vulnerability is CVE-2025-4012. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4012 | playeduxyz PlayEdu 开源培训系统 up to 1.8 User Avatar create server-side request forgery

Post correlati

CVE-2024-7276 | itsourcecode Alton Management System 1.0 /admin/member_save.php last/first sql injection

CVE-2024-13582 | labibahmed42 Simple Pricing Tables for WPBakery Page Builder Plugin cross site scripting

CVE-2024-21245 | Oracle JD Edwards EnterpriseOne Tools up to 9.2.8.2 Business Logic Infra SEC improper authorization

CVE-2024-23462 | Zscaler Client Connector up to 3.3 on macOS integrity check