CVE-2022-25115

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt