API Security Blog

PT-2025-35544

Name of the Vulnerable Software and Affected Versions: Deporsite by T-INNOVA (affected versions not specified)

Description: A lack of authorization exists in Deporsite by T-INNOVA. An unauthenticated attacker can modify other users' profile pictures by sending a POST request to the /ajax/TInnova c/FotoUsuario/llamadaAjax/uploadImage API endpoint. The request utilizes the IdPersona and Foto parameters to perform this action.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this…
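
The kind of server-side check whose absence is described above, shown as an added example (not Deporsite's code and not part of the original advisory): the handler requires a session and compares the client-supplied IdPersona with the identity bound to that session. The Session type, the is_admin flag and the status codes are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Session:
    """Hypothetical server-side session record (not Deporsite's own type)."""
    person_id: int           # identity bound to the session at login
    is_admin: bool = False   # assumed role flag for staff who may edit others


def authorize_photo_upload(session: Optional[Session],
                           form: dict) -> Tuple[int, Optional[int]]:
    """Decide whether a profile-picture upload may proceed.

    Returns (http_status, target_person_id). The target is taken from the
    session unless the caller is explicitly allowed to act on someone else.
    """
    # 1. No session: the request is unauthenticated and must be rejected
    #    before any parameter is looked at.
    if session is None:
        return 401, None

    # 2. IdPersona comes from the client and is therefore untrusted input.
    #    If it is missing, fall back to the session's own identity.
    raw = form.get("IdPersona")
    try:
        target = session.person_id if raw is None else int(raw)
    except (TypeError, ValueError):
        return 400, None

    # 3. Object-level authorization: a user may only change their own
    #    picture unless the (assumed) admin role says otherwise.
    if target != session.person_id and not session.is_admin:
        return 403, None

    # 4. Only now is the Foto payload considered at all.
    if not form.get("Foto"):
        return 400, None

    return 200, target
```
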
