Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-10806

Gravedad CVSS v4.0:
BAJA
Tipo:
CWE-284 Control de acceso incorrecto
Fecha de publicación:
04/06/2026
Última modificación:
04/06/2026

Descripción

*** Pendiente de traducción *** A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Impacto

Puntuación base 4.0
2.10
Gravedad 4.0
BAJA
Puntuación base 3.x
6.30
Gravedad 3.x
MEDIA
Puntuación base 2.0
6.50
Gravedad 2.0
MEDIA