CVE-2026-10807
6.3 MEDIUMA vulnerability was determined in mjperpinosa stumasy
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-284, CWE-434
Description
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10807
- [Other]https://github.com/mjperpinosa/stumasy/
- [Other]https://github.com/mjperpinosa/stumasy/issues/3
- [Other]https://vuldb.com/cve/CVE-2026-10807
- [Other]https://vuldb.com/submit/831551
- [Other]https://vuldb.com/vuln/368255
- [Other]https://vuldb.com/vuln/368255/cti
Related CVEs
Same CWE
- CVE-2026-48610 — Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
- CVE-2026-47366 — Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenti... (7.2 HIGH)
- CVE-2026-44249 — Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
- CVE-2026-46489 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
- CVE-2026-45178 — Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints