Submit #735775: https://gitee.com/technical-laohu/mpay mpay v1.2.4 Arbitrary file upload vulnerabilityinfo

Titlehttps://gitee.com/technical-laohu/mpay mpay v1.2.4 Arbitrary file upload vulnerability
DescriptionThere is an arbitrary file upload vulnerability in the QR code image upload function of mpay account management in the latest v1.2.4 version,Attackers can upload malicious files (such as webshells, viruses, and malicious scripts) to gain control of the server or steal sensitive information.
Source⚠️ https://github.com/bdkuzma/vuln/issues/17
User
 baihekuz (UID 84516)
Submission01/10/2026 05:22 AM (1 month ago)
Moderation01/18/2026 02:59 PM (8 days later)
StatusAccepted
VulDB entry341745 [technical-laohu mpay up to 1.2.4 QR Code Image codeimg unrestricted upload]
Points18

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!