← Back

Neprofile

neprofile

Vendor: Seczetta • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-12855
1Seczetta
1Neprofile
Jun 17, 2026
Aug 26, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP st...Show more
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status.Show less
CVE-2020-12854
1Seczetta
1Neprofile
Jun 17, 2026
Jul 15, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar.