CVE-2025-3855
CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection
A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Eine Schwachstelle wurde in CodeCanyon RISE Ultimate Project Manager 3.8.2 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /index.php/team_members/save_profile_image/ der Komponente Profile Picture Handler. Mit der Manipulation des Arguments profile_image_file mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Improper Control of Resource Identifiers
| 2025-04-21: | Advisory disclosed |
| 2025-04-21: | VulDB entry created |
| 2025-04-21: | VulDB entry last update |
TheL4zyF0x (VulDB User)
vuldb.com/?id.305780 (VDB-305780 | CodeCanyon RISE Ultimate Project Manager Profile Picture save_profile_image resource injection)
vuldb.com/?ctiid.305780 (VDB-305780 | CTI Indicators (IOB, IOC, IOA))
vuldb.com/?submit.556871 (Submit #556871 | codecanyon RISE - Ultimate Project Manager & CRM 3.8.2 Broken/Incorrect Access Control)
github.com/L4zyFox/RISE-Ultimate_Project_Manager_e_CRM
Support options
