CVE-2023-3796

Name of the Vulnerable Software and Affected Versions Bug Finder Foody Friend version 1.0

Description A problematic issue has been found in the Profile Picture Handler component, affecting some unknown functionality of the file /user/profile. The manipulation of the profile picture argument leads to unrestricted upload. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Bug Finder Foody Friend version 1.0, as a temporary workaround, consider restricting access to the Profile Picture Handler component until a patch is available. Avoid using the profile picture argument in the affected file /user/profile to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.