CVE-2026-1213

Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)

CVSS 5.3 MEDIUMEPSS 0.3%CWE-639

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

askbot · askbot

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://askbot.com/https://fluidattacks.com/advisories/ghost https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb6295d