CVE-2025-10472 | harry0703 MoneyPrinterTurbo up to 1.2.6 URL video.py download_video/stream_video file_path path traversal

Inserito da Angelo Barbosa | Set 15, 2025 | CVE

A vulnerability, which was classified as critical, has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal.

This vulnerability is documented as CVE-2025-10472. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2025-10472 | harry0703 MoneyPrinterTurbo up to 1.2.6 URL video.py download_video/stream_video file_path path traversal

Post correlati

CVE-2024-11887 | Geo Content Plugin up to 6.0 on WordPress cross site scripting

CVE-2024-3549 | Blog2Social Plugin up to 7.4.1 on WordPress sql injection

CVE-2025-0435 | Google Chrome up to 131.0.6778.264 on Android Navigation ui layer

CVE-2024-4808 | Kashipara College Management System 1.0 delete_faculty.php id sql injection