CVE-2026-1213

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-1213

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1213.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-1213

Aliases

GHSA-r2jv-fwfr-4j8c

Published

2026-01-27T14:15:55.887Z

Modified

2026-03-14T12:47:02.998245Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.

References

Affected packages

Git / github.com/askbot/askbot-devel

Affected ranges

Type: GIT
Repo: https://github.com/askbot/askbot-devel
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3da3d75f35204aa71633c7a315327ba39cb6295d

Affected versions

0.*

0.7.25

0.7.26

0.7.27

0.7.28

0.7.30

0.7.31

0.7.33

0.7.34

0.7.35

0.7.36

0.7.37

0.7.38

0.7.40

0.7.41

0.7.42

0.7.43

0.7.44

0.7.45

0.7.46

0.7.48

0.7.49

0.7.50

0.7.51

0.7.53.1

Other

history+wikipost

remove

show

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1213.json"