CVE-2025-12862

MEDIUM 6.3

projectworlds Online Notes Sharing Platform userprofile.php unrestricted upload

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.

CWE	CWE-434 CWE-284
Vendor	projectworlds
Product	online notes sharing platform
Published	Nov 7, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for projectworlds online notes sharing platform

Be the first to know when new medium vulnerabilities affecting projectworlds online notes sharing platform are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

projectworlds / Online Notes Sharing Platform

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.331509 vuldb.com: https://vuldb.com/?ctiid.331509 vuldb.com: https://vuldb.com/?submit.679802 vuldb.com: https://vuldb.com/?submit.748850 github.com: https://github.com/K1nakoo/cve/blob/main/tmp74/report.md

Credits

🔍 K1nako (VulDB User)