CVE-2025-1835 | osuuu LightPicture 1.2.2 /app/controller/Api.php upload file unrestricted upload

Inserito da Angelo Barbosa | Mar 1, 2025 | CVE

A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2025-1835. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1835 | osuuu LightPicture 1.2.2 /app/controller/Api.php upload file unrestricted upload

Post correlati

CVE-2024-13227 | rankmath Rank Math SEO Plugin up to 1.0.235 on WordPress cross site scripting

CVE-2024-7354 | Ninja Forms Plugin up to 3.8.10 on WordPress cross site scripting

CVE-2024-7858 | Media Library Folders Plugin up to 8.2.3 on WordPress authorization

CVE-2024-26278 | Joomla CMS up to 3.10.15/4.4.5/5.1.1 Custom Fields cross site scripting