Themesbrand ChatVia Insecure Permissions Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability in Themesbrand ChatVia version 5.3.2 allows remote attackers to escalate privileges by exploiting insecure permissions in the user profile name and image upload functions.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation.

Reproduction

To reproduce this vulnerability, first capture a request that uploads a profile image. Then modify the request so that the file type and content are those of an HTML file containing JavaScript code. Once uploaded, the malicious file can be accessed via a URL that is generated by the application.
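The reproduction works because the upload handler accepts whatever type and content the request declares. The following server-side check is an added example, not ChatVia's code: the function name, size limit and allow-list are assumptions, and the sample bodies are constructed.

```python
import secrets

# Allow-list of image formats: (magic bytes, stored extension, Content-Type served)
ALLOWED = [
    (b"\x89PNG\r\n\x1a\n", "png", "image/png"),
    (b"\xff\xd8\xff", "jpg", "image/jpeg"),
    (b"GIF87a", "gif", "image/gif"),
    (b"GIF89a", "gif", "image/gif"),
]
MAX_BYTES = 2 * 1024 * 1024  # assumed limit for a profile picture

class UploadRejected(Exception):
    """Raised when an upload fails server-side validation."""

def validate_profile_image(body: bytes, claimed_type: str, claimed_name: str):
    """Return (stored_name, response_headers) or raise UploadRejected.
    claimed_type and claimed_name are client-controlled and never trusted."""
    if not body or len(body) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    for magic, ext, ctype in ALLOWED:
        if body.startswith(magic):
            break
    else:
        raise UploadRejected("content is not an allowed image format")
    if claimed_type.split(";")[0].strip().lower() != ctype:
        raise UploadRejected("declared type does not match content")
    # Server-generated name: the client's filename and extension are discarded.
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    # Magic bytes can be followed by markup (a polyglot file), so the response
    # pins the type, disables sniffing and sandboxes the document.
    headers = {
        "Content-Type": ctype,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    return stored_name, headers

# Constructed sample bodies (not captured traffic).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
HTML_SAMPLE = b"<html><script>/* constructed */</script></html>"

if __name__ == "__main__":
    print(validate_profile_image(PNG_SAMPLE, "image/png", "avatar.png"))
    try:
        validate_profile_image(HTML_SAMPLE, "image/png", "avatar.html")
    except UploadRejected as exc:
        print("rejected:", exc)
```

Serving uploads from a separate origin that holds no session cookies further limits what a file that slips through can do.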

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.6
remediation: 0.0
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.