CVE-2026-10807 | mjperpinosa stumasy change_profile_image.php pr_profile_image unrestricted upload

A vulnerability described as critical has been identified in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload.

The identification of this vulnerability is CVE-2026-10807. The attack may be launched remotely. Furthermore, there is an exploit available.

This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10807 | mjperpinosa stumasy change_profile_image.php pr_profile_image unrestricted upload

Post correlati

CVE-2024-42783 | Kashipara Music Management System 1.0 manage_playlist_items.php pid sql injection

CVE-2023-36646 | ProLion CryptoSpike 3.0.15P2 REST API Endpoint access control

CVE-2025-58712 | Red Hat AMQ /etc/passwd permission

CVE-2025-58147 | Xen Viridian Hypercall vpmask_set out-of-bounds write