CVE-2025-7895 | harry0703 MoneyPrinterTurbo up to 1.2.6 File Extension video.py upload_bgm_file unrestricted upload

Inserito da Angelo Barbosa | Lug 19, 2025 | CVE

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is traded as CVE-2025-7895. It is possible to launch the attack remotely. There is no exploit available.

CVE-2025-7895 | harry0703 MoneyPrinterTurbo up to 1.2.6 File Extension video.py upload_bgm_file unrestricted upload

Post correlati

CVE-2023-5816 | Code Explorer Plugin up to 1.4.5 on WordPress information disclosure

CVE-2024-54138 | NuGet Gallery 2024.05.28 Autolinks cross site scripting (GHSA-x448-p234-x5p8)

CVE-2025-0994 | Trimble Cityworks up to 23.9 MS IIS deserialization (icsa-25-037-04)

CVE-2025-6499 | vstakhov libucl up to 0.9.2 src/ucl_parser.c ucl_parse_multiline_string heap-based overflow (Issue 319)