Deporsite by T-INNOVA Lack of Authorization Vulnerability Allowing Profile Picture Changes
Vulnerability
A lack of authorization vulnerability exists in Deporsite by T-INNOVA, in versions prior to DSuite 2025 v02.14.1115. It enables an unauthenticated attacker to alter the profile pictures of other users. The application does not properly authorize requests, so a POST request that includes the 'IdPersona' and 'Foto' parameters can modify a profile picture without authorization.
Impact
Exploitation of this vulnerability allows for unauthorized changes to user profile pictures, potentially leading to impersonation or misrepresentation.
Remediation
Users can update to Deporsite version DSuite 2025 v02.14.1115 to address this vulnerability.
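The kind of server-side check this flaw lacks, as an added example that is not Deporsite code and not taken from the advisory: a handler that trusts 'IdPersona' from the request, beside one that binds the target to the authenticated session. Everything except the 'IdPersona' and 'Foto' parameter names (the session object, the in-memory store, the status codes returned) is an assumption.

```python
# Added illustration, not Deporsite code. Only the 'IdPersona' and 'Foto'
# parameter names come from the advisory; all other names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """Server-side session; person_id is None when nobody is logged in."""
    person_id: Optional[int] = None


@dataclass
class ProfileStore:
    """In-memory stand-in for the profile table (constructed sample data)."""
    photos: dict = field(
        default_factory=lambda: {101: b"alice-v1", 202: b"bob-v1"})


def update_photo_vulnerable(store, session, form):
    """Behaviour the advisory describes: the target is taken from the
    request body and the caller's identity is never consulted."""
    store.photos[int(form["IdPersona"])] = form["Foto"]
    return 200


def update_photo_hardened(store, session, form):
    """Authenticate first, then authorize the target against the session."""
    if session.person_id is None:
        return 401  # no authenticated caller
    try:
        target = int(form["IdPersona"])
    except (KeyError, ValueError, TypeError):
        return 400  # missing or malformed identifier
    if "Foto" not in form:
        return 400  # nothing to store
    if target != session.person_id:
        return 403  # authenticated, but not the owner of this profile
    store.photos[target] = form["Foto"]
    return 200
```

Deriving the target from the session alone, and ignoring 'IdPersona' for self-service updates, removes the client-controlled identifier from the decision entirely.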
