Timo Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in Timo version 2.0.3, specifically within the userPicture component. This vulnerability allows attackers to execute arbitrary code by uploading a crafted file.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Timo Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating