Themesbrand Chatvia Arbitrary Code Execution Vulnerability in User Profile Image Upload

Vulnerability

A vulnerability in Themesbrand Chatvia version 5.3.2 allows remote attackers to execute arbitrary code by exploiting the image upload feature in user profiles. The issue arises from improper handling of uploaded files, which can be manipulated to execute malicious code.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Chatvia is hosted.

Reproduction

To reproduce this vulnerability, first upload a file through the user profile image upload function. Then, intercept the upload request and modify the file type and content to include a malicious HTML file with embedded JavaScript. After sending the modified request, the uploaded file can be accessed via its URL, which will execute the embedded JavaScript, demonstrating the successful exploitation of the vulnerability.
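The reproduction works because the declared file type and the file content are both taken from the request. A server-side check for that gap, as an added example that is not Chatvia's own code; the function name, the allowed formats and the size limit are assumptions:

```python
import secrets

# Leading bytes of the only formats a profile picture may use, mapped to the
# extension and Content-Type that the server assigns itself.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed limit for a profile picture


class UploadRejected(ValueError):
    """Raised when the uploaded bytes are not an allowed image."""


def validate_profile_image(data: bytes, client_name: str, client_type: str) -> dict:
    """Decide the stored name and response headers from the file content only.

    client_name and client_type come from the request and can be rewritten
    in transit, so they are accepted for logging but never used in a decision.
    """
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    for magic, (ext, ctype) in SIGNATURES.items():
        if data.startswith(magic):
            break
    else:
        raise UploadRejected("content is not PNG, JPEG or GIF")
    return {
        # Random name: the client-supplied name and extension never reach disk.
        "stored_name": f"{secrets.token_hex(16)}.{ext}",
        "headers": {
            "Content-Type": ctype,
            # Keep browsers from sniffing the body into text/html.
            "X-Content-Type-Options": "nosniff",
            # Even if markup were served, scripts in it would not run.
            "Content-Security-Policy": "default-src 'none'; sandbox",
        },
    }


# Constructed samples: a PNG header, and an HTML document declared as an image.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
HTML_SAMPLE = b"<html><script>alert(1)</script></html>"
```

The returned headers are meant to be stored with the file and sent whenever it is served, ideally from a host separate from the application.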

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.