PT-2025-38639 · Selleo · Selleo Mentingo
Khanmarshal
·
Published
2025-09-20
·
Updated
2025-09-21
·
CVE-2025-10755
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Selleo Mentingo version 2025.08.27
Description
A vulnerability exists in Selleo Mentingo 2025.08.27 within the Content-Type Handler component. Manipulation of the
userAvatar argument results in unrestricted upload, and the attack can be performed remotely. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Selleo Mentingo