CNNVD-202509-3187 Information

CNNVD ID

CNNVD-202509-3187

CVE-2025-10741

  • CNNVD Published: 2025-09-20

Description (Chinese)

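Selleo Mentingo is an enterprise internal training and employee development platform from the Polish company Selleo. Selleo Mentingo 2025.08.27 and earlier versions contain a code issue vulnerability, which stems from insufficient validation of the userAvatar parameter in the Profile Picture Handler component and may lead to arbitrary file upload.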

Description (English)

Selleo Mentingo is an in-house training and staff development platform from the Polish company Selleo. Selleo Mentingo 2025.08.27 and earlier versions contain a code issue vulnerability that stems from inadequate validation of the userAvatar parameter in the Profile Picture Handler component, which could lead to arbitrary file upload.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Sensaphone

Published

2025-09-20

Last Modified

2026-02-24

References

  • https://gist.github.com/KhanMarshaI/7a2e74fcb194f7d6ee7e60da4a14af7b
  • https://gist.github.com/KhanMarshaI/ba3e74b331ce4ab602a5a22a59aaf819
  • https://vuldb.com/?ctiid.325068
  • https://vuldb.com/?id.325068
  • https://vuldb.com/?submit.645385
  • https://access.redhat.com/security/cve/cve-2025-10741
