All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-27