제출 #608941: Harry Yu MoneyPrinterTurbo v1.2.6 Unauthorized Access (Path Traversal)정보

제목Harry Yu MoneyPrinterTurbo v1.2.6 Unauthorized Access (Path Traversal)
설명app/controllers/v1/video.py:268-287 / download_video function: Lacks path validation for 'file_path', allowing access to the file system using relative paths (e.g., ../). Contains a path traversal vulnerability that enables attackers to download arbitrary files on the system.
사용자
 zhangjx (UID 87395)
제출2025. 07. 04. AM 06:49 (12 개월 ago)
모더레이션2025. 07. 19. PM 01:20 (15 days later)
상태수락
VulDB 항목317011 [harry0703 MoneyPrinterTurbo 까지 1.2.6 video.py download_video/delete_video 디렉토리 순회]
포인트들15

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!