PT-2026-4914 · Askbot · Askbot
Daniel Celis
·
Published
2026-01-27
·
Updated
2026-04-07
·
CVE-2026-1213
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
askbot versions prior to 0.12.2
Description
An authenticated attacker with normal user permissions can modify the profile picture of other application users.
Recommendations
Update to a version later than 0.12.2.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Askbot