CVE-2025-12862

A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
projectworldsonline_notes_sharing_platform
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/K1nakoo/cve/blob/main/tmp74/report.md
https://vuldb.com/?ctiid.331509
https://vuldb.com/?id.331509
https://vuldb.com/?submit.679802
https://github.com/K1nakoo/cve/blob/main/tmp74/report.md