PT-2025-17477 · Unknown · Codecanyon Rise Ultimate Project Manager
Thel4Zyf0X
·
Published
2025-04-22
·
Updated
2025-08-01
·
CVE-2025-3855
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
CodeCanyon RISE Ultimate Project Manager version 3.8.2
Description
A problem was found in the file /index.php/team members/save profile image/ of the component Profile Picture Handler. The manipulation of the argument
profile image file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Recommendations
For CodeCanyon RISE Ultimate Project Manager version 3.8.2, as a temporary workaround, consider restricting access to the
/index.php/team members/save profile image/ endpoint until a patch is available. Avoid using the profile image file argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Codecanyon Rise Ultimate Project Manager