mjperpinosa stumasy change_profile_image.php unrestricted upload_CVE-2026-10807

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-10807

Source VulDB

Published Jun 4, 2026 at 12:30

Modified Jun 4, 2026 at 13:48

Affected Product

Vendor mjperpinosa

Product stumasy

Version 25d695901fbb586bf184b8ba73456d8e5311656c

Affected Versions mjperpinosa stumasy 25d695901fbb586bf184b8ba73456d8e5311656c
mjperpinosa stumasy 79c86fce86a09adc6edcbd6d56115fbff14ed538
mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-06-04T12:30:12.057Z",
    "modified": "2026-06-04T13:48:22.393Z",
    "type": "cve",
    "title": "mjperpinosa stumasy change_profile_image.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/368255\nhttps://vuldb.com/vuln/368255/cti\nhttps://vuldb.com/cve/CVE-2026-10807\nhttps://vuldb.com/submit/831551\nhttps://github.com/mjperpinosa/stumasy/issues/3\nhttps://github.com/mjperpinosa/stumasy/",
    "id": "CVE-2026-10807",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "mjperpinosa stumasy 25d695901fbb586bf184b8ba73456d8e5311656c\nmjperpinosa stumasy 79c86fce86a09adc6edcbd6d56115fbff14ed538\nmjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "stumasy",
    "version": "25d695901fbb586bf184b8ba73456d8e5311656c",
    "vendor": "mjperpinosa",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}