Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-1213
PUBLISHED
More InfoOfficial Page
Assigner-Fluid Attacks
Assigner Org ID-84fe0718-d6bb-4716-a7e8-81a6d1daa869
View Known Exploited Vulnerability (KEV) details
Published At-27 Jan, 2026 | 14:04
Updated At-27 Jan, 2026 | 20:48
Rejected At-
▼CVE Numbering Authority (CNA)
Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.

Affected Products
Vendor
askbot
Product
askbot
Collection URL
https://pypi.python.org
Package Name
askbot
Platforms
  • Windows
  • MacOS
  • Linux
Default Status
unaffected
Versions
Affected
  • 0.12.2
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Daniel Celis
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/advisories/ghost
third-party-advisory
https://askbot.com/
product
https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb6295d
patch
Hyperlink: https://fluidattacks.com/advisories/ghost
Resource:
third-party-advisory
Hyperlink: https://askbot.com/
Resource:
product
Hyperlink: https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb6295d
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found