← Back

Moneyprinterturbo

moneyprinterturbo

Vendor: Harry0703 • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-11607
1Harry0703
1Moneyprinterturbo
Apr 29, 2026
Oct 11, 2025
2.1 LOW· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation...Show more
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2025-10472
1Harry0703
1Moneyprinterturbo
Nov 21, 2025
Sep 15, 2025
5.5 MEDIUM· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipu...Show more
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-49089
1Harry0703
1Moneyprinterturbo
Oct 2, 2025
Sep 15, 2025
N/A· v4
6.3 MEDIUM· v3
N/A· v2
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd.
CVE-2025-7897
1Harry0703
1Moneyprinterturbo
Nov 20, 2025
Jul 20, 2025
6.9 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The...Show more
A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely.Show less
CVE-2025-7896
1Harry0703
1Moneyprinterturbo
Nov 20, 2025
Jul 20, 2025
5.3 MEDIUM· v4
7.5 HIGH· v3
6.5 MEDIUM· v2
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. Th...Show more
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely.Show less
CVE-2025-7895
1Harry0703
1Moneyprinterturbo
Nov 20, 2025
Jul 20, 2025
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Ha...Show more
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.Show less