CVE-2026-6574 | osuuu LightPicture up to 1.2.2 API Upload Endpoint /public/install/lp.sql key hard-coded credentials

Inserito da Angelo Barbosa | Apr 18, 2026 | CVE

A vulnerability was found in osuuu LightPicture up to 1.2.2 and classified as critical. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials.

This vulnerability is listed as CVE-2026-6574. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6574 | osuuu LightPicture up to 1.2.2 API Upload Endpoint /public/install/lp.sql key hard-coded credentials

Post correlati

CVE-2023-52344 | Unisoc T760/T770/T820/S8000 modem-ps-nas-ngmm information disclosure

CVE-2025-0283 | Ivanti Connect Secure up to 22.7 stack-based overflow

CVE-2025-65518 | Plesk Obsidian up to 18.0.73 Web Interface get_password.php denial of service

CVE-2025-24364 | dani-garcia vaultwarden up to 1.32.x Admin Panel injection