Security Advisory

CVE-2025-41031

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-02 08:15:47
Last updated 2025-09-02 13:46:07
Assigner INCIBE
State PUBLISHED

Description

Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage’.