Describe
This vulnerability allows authenticated users to change other users' profile pictures.
Steps to reproduce the vulnerability
Moreover, we can directly access profile pictures like this:
http://site-name/bludit/bl-content/uploads/profiles/[username].png
Start from an HTTP request that changes a user picture.
We could change the username to another username.
As a result, we could change the profile picture of another user.
Logging in as Administrator to verify the change via username “admin”, we found that the profile picture had changed.
In addition, we could arbitrarily create a picture (png) in other directories.
Comments
The vulnerability is that authorization isn't validated before the upload process. Moreover, the username could be pulled from a trusted source.
Bludit version
Affected in Bludit v3.10.0
PHP version
PHP Version 7.1.33
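A sketch of the check the report's Comments ask for, as an added example that is not part of the original report and not Bludit's code: the target username defaults to the server-side session, must match an allowlist, and may differ from the session user only for an administrator. The function name, session layout, role name, username pattern and directory prefix are assumptions.

```php
<?php
// Added illustration, not Bludit code. PROFILE_DIR's prefix, the session
// keys, the 'admin' role name and the username pattern are assumptions.
const PROFILE_DIR = '/var/www/bludit/bl-content/uploads/profiles';

/**
 * Decide which profile picture file a request is allowed to write.
 *
 * $session   server-side session data (trusted)
 * $requested username field taken from the HTTP request (untrusted), or null
 *
 * Returns the destination path, or throws when the request must be refused.
 */
function profilePictureTarget(array $session, ?string $requested): string
{
    if (empty($session['username'])) {
        throw new RuntimeException('not authenticated');
    }

    // Trusted source first: without a request value, act on the session user.
    $target = $requested ?? $session['username'];

    // Allowlist the name before it is used in a path. This refuses "../",
    // slashes and NUL bytes, so the file cannot land in another directory.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $target)) {
        throw new InvalidArgumentException('invalid username');
    }

    // Authorization: changing someone else's picture requires the admin role.
    if ($target !== $session['username'] && ($session['role'] ?? '') !== 'admin') {
        throw new RuntimeException('forbidden');
    }

    return PROFILE_DIR . '/' . $target . '.png';
}

// Constructed sample requests: [session, username sent by the client].
$author = ['username' => 'bob', 'role' => 'author'];
$admin  = ['username' => 'admin', 'role' => 'admin'];
$cases  = [[$author, null], [$author, 'admin'], [$author, '../../x'], [$admin, 'bob']];

foreach ($cases as [$session, $requested]) {
    try {
        echo profilePictureTarget($session, $requested), PHP_EOL;
    } catch (Exception $e) {
        echo 'refused: ', $e->getMessage(), PHP_EOL;
    }
}
```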
I will check, thank you!
35483e0
Fixed, thank you