Описание
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.
EPSS
Процентиль: 11%
0.00041
Низкий
6.3 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 6.3
github
около 2 месяцев назад
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.
EPSS
Процентиль: 11%
0.00041
Низкий
6.3 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284