CVE-2026-10807
MEDIUMmjperpinosa stumasy change_profile_image.php unrestricted upload
Title source: cnaDescription
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-368255 | mjperpinosa stumasy change_profile_image.php unrestricted upload
https://vuldb.com/vuln/368255
Signature, Permissions Required signature
permissions-required
VDB-368255 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/368255/cti
Third Party Advisory third-party-advisory
CVE-2026-10807 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10807
Third Party Advisory third-party-advisory
Submit #831551 | mjperpinosa stumasy 1.0 RCE vulnerability
https://vuldb.com/submit/831551
Exploit exploit
issue-tracking
https://github.com/mjperpinosa/stumasy/issues/3
Product product
https://github.com/mjperpinosa/stumasy/
Scores
CVSS v3
6.3
EPSS
0.0021
EPSS Percentile
11.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
CWE-434
Status
published
Products (3)
mjperpinosa/stumasy
25d695901fbb586bf184b8ba73456d8e5311656c
mjperpinosa/stumasy
327d1b0f2915ba79d7ef8ebb74553e987609d9be
mjperpinosa/stumasy
79c86fce86a09adc6edcbd6d56115fbff14ed538
Published
Jun 04, 2026
Tracked Since
Jun 04, 2026