A vulnerability described as critical has been identified in mjperpinosa stumasy . The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php . Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The identification of this vulnerability is CVE-2026-10807 . The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuou