Vulnerability in Robbin Zhao Avatar_uploader
CVE-2018-9205
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
EPSS: 0.814 (99.2nd percentile)
Affected products
- Robbin Zhao Avatar_uploader — versions unspecified
Public proof-of-concept exploits
References
- www.vapidlabs.com/advisory.php (x_refsource_MISC)
- 44501 (exploit, x_refsource_EXPLOIT-DB)
- www.drupal.org/project/avatar_uploader (x_refsource_MISC)
- www.drupal.org/project/avatar_uploader/issues/2957966 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-9205?
  - CVE-2018-9205 is a vulnerability in Robbin Zhao Avatar_uploader. Published 2018-04-04.
- Is CVE-2018-9205 known to be exploited?
  - 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.