CVE-2025-11607

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-11607

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11607.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-11607

Published

2025-10-11T17:15:37.513Z

Modified

2025-11-23T03:10:16.507428Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

References

Affected packages

Git / github.com/harry0703/moneyprinterturbo

Affected ranges

Type: GIT
Repo: https://github.com/harry0703/moneyprinterturbo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0bfec956c52fb7f33813d69760073b5bdc4ec0bb

Affected versions

v1.*

v1.1.0

v1.1.2

v1.1.9

v1.2.0

v1.2.1

v1.2.2

v1.2.4

v1.2.5

v1.2.6