CVE-2025-10472

Опубликовано: 15 сент. 2025

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://vuldb.com/?ctiid.323892
Permissions Required
VDB Entry
https://vuldb.com/?id.323892
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.648393
Third Party Advisory
VDB Entry
https://www.notion.so/Path-Traversal-Vulnerability-in-MoneyPrinterTurbo-1-2-6-265014c4d9ca80e38da4deaeee8b46f5?source=copy_link
Exploit
Third Party Advisory
https://www.notion.so/Path-Traversal-Vulnerability-in-MoneyPrinterTurbo-1-2-6-265014c4d9ca80e38da4deaeee8b46f5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:harry0703:moneyprinterturbo:*:*:*:*:*:*:*:*

Версия до 1.2.6 (включая)

EPSS

Процентиль: 45%

0.00227

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-2cm7-6jf8-mmc8

CVSS3: 5.3

github

5 месяцев назад

EPSS

Процентиль: 45%

0.00227

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22