CVE-2025-11607 | harry0703 MoneyPrinterTurbo up to 1.2.6 API Endpoint music.py upload_music File path traversal

Inserito da Angelo Barbosa | Ott 10, 2025 | CVE

A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6. It has been declared as critical. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing manipulation of the argument File can lead to path traversal.

This vulnerability appears as CVE-2025-11607. The attack may be performed from remote. In addition, an exploit is available.

CVE-2025-11607 | harry0703 MoneyPrinterTurbo up to 1.2.6 API Endpoint music.py upload_music File path traversal

Post correlati

CVE-2025-6735 | juzaweb CMS 3.4.2 Import Page /admin-cp/imports improper authorization

CVE-2024-56998 | PHPGurukul Hospital Management System 4.0 /edit-profile.php address cross site scripting

CVE-2025-58462 | OPEXUS FOIAXpress Public Access Link 11.1.0/11.12.3.0 SearchPopularDocs.aspx sql injection

CVE-2024-41886 | Hanwha Vision XRN-420S up to 5.01.62 URL Input denial of service