CVE Details
Basic Information
| Title | code-projects Online Note Sharing Profile Image userprofile.php unrestricted upload |
|---|---|
| Type | cve |
| Published | 2025-07-07T10:32:05.464Z |
| Modified | 2025-07-07T10:32:05.464Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Online Note Sharing |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A critical vulnerability in code-projects Online Note Sharing 1.0 allows unrestricted file uploads via the profile image handler. This could enable attackers to upload malicious files, potentially leading to remote code execution or other attacks. |
|---|---|
| AI Severity | High |
| AI Vendor | code-projects |
| AI Product | Online Note Sharing |
| AI Version | 1.0 |
Affected Products
- code-projects Online Note Sharing 1.0
Additional Information
| CWE List | CWE-434, CWE-284 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0. Affected is an unknown function of the file /dashboard/userprofile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.