mjperpinosa stumasy add_post.php unrestricted upload_CVE-2026-10806

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-10806

Source VulDB

Published Jun 4, 2026 at 12:15

Affected Product

Vendor mjperpinosa

Product stumasy

Version 25d695901fbb586bf184b8ba73456d8e5311656c

Affected Versions mjperpinosa stumasy 25d695901fbb586bf184b8ba73456d8e5311656c
mjperpinosa stumasy 79c86fce86a09adc6edcbd6d56115fbff14ed538
mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-06-04T12:15:10.177Z",
    "modified": "2026-06-04T12:15:10.177Z",
    "type": "cve",
    "title": "mjperpinosa stumasy add_post.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/368254\nhttps://vuldb.com/vuln/368254/cti\nhttps://vuldb.com/cve/CVE-2026-10806\nhttps://vuldb.com/submit/831510\nhttps://github.com/mjperpinosa/stumasy/issues/1\nhttps://github.com/mjperpinosa/stumasy/",
    "id": "CVE-2026-10806",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "mjperpinosa stumasy 25d695901fbb586bf184b8ba73456d8e5311656c\nmjperpinosa stumasy 79c86fce86a09adc6edcbd6d56115fbff14ed538\nmjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "stumasy",
    "version": "25d695901fbb586bf184b8ba73456d8e5311656c",
    "vendor": "mjperpinosa",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}