CVE-2026-1152

Summary

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Affected Software

VendorProductVersion RangeStatus
technical-laohumpay1.2.0affected
technical-laohumpay1.2.1affected
technical-laohumpay1.2.2affected
technical-laohumpay1.2.3affected
technical-laohumpay1.2.4affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References