Avatar Uploader Project

Avatar Uploader

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-50957

Exploit
  • EPSS 0.24%
  • Veröffentlicht 10.05.2026 13:16:33
  • Zuletzt bearbeitet 04.06.2026 14:23:47

Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the fi...

6.5

CVE-2015-2087

  • EPSS 1.84%
  • Veröffentlicht 26.02.2015 15:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

4

CVE-2014-9155

  • EPSS 1.48%
  • Veröffentlicht 01.12.2014 16:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the up...