CVE-2025-11607

Summary

A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Affected Software

VendorProductVersion RangeStatus
harry0703MoneyPrinterTurbo1.2.0affected
harry0703MoneyPrinterTurbo1.2.1affected
harry0703MoneyPrinterTurbo1.2.2affected
harry0703MoneyPrinterTurbo1.2.3affected
harry0703MoneyPrinterTurbo1.2.4affected
harry0703MoneyPrinterTurbo1.2.5affected
harry0703MoneyPrinterTurbo1.2.6affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References