Harry0703

harry0703

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Moneyprinterturbo

moneyprinterturbo

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-11607 1Harry0703 1Moneyprinterturbo Apr 29, 2026 Oct 11, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation...Show more A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2025-10472 1Harry0703 1Moneyprinterturbo Nov 21, 2025 Sep 15, 2025 5.5 MEDIUM· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipu...Show more A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-49089 1Harry0703 1Moneyprinterturbo Oct 2, 2025 Sep 15, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd.
CVE-2025-7897 1Harry0703 1Moneyprinterturbo Nov 20, 2025 Jul 20, 2025 6.9 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The...Show more A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely.Show less
CVE-2025-7896 1Harry0703 1Moneyprinterturbo Nov 20, 2025 Jul 20, 2025 5.3 MEDIUM· v4 7.5 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. Th...Show more A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely.Show less
CVE-2025-7895 1Harry0703 1Moneyprinterturbo Nov 20, 2025 Jul 20, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Ha...Show more A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.Show less