harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload_CVE-2025-7895

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.

Basic Information

ID CVE-2025-7895

Source VulDB

Published Jul 20, 2025 at 14:32

Modified Jul 21, 2025 at 13:09

Affected Product

Vendor harry0703

Product MoneyPrinterTurbo

Version 1.2.0

Affected Versions harry0703 MoneyPrinterTurbo 1.2.0
harry0703 MoneyPrinterTurbo 1.2.1
harry0703 MoneyPrinterTurbo 1.2.2
harry0703 MoneyPrinterTurbo 1.2.3
harry0703 MoneyPrinterTurbo 1.2.4
harry0703 MoneyPrinterTurbo 1.2.5
harry0703 MoneyPrinterTurbo 1.2.6

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.",
    "published": "2025-07-20T14:32:04.998Z",
    "modified": "2025-07-21T13:09:18.390Z",
    "type": "cve",
    "title": "harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317010\nhttps://vuldb.com/?ctiid.317010\nhttps://vuldb.com/?submit.608940",
    "id": "CVE-2025-7895",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "harry0703 MoneyPrinterTurbo 1.2.0\nharry0703 MoneyPrinterTurbo 1.2.1\nharry0703 MoneyPrinterTurbo 1.2.2\nharry0703 MoneyPrinterTurbo 1.2.3\nharry0703 MoneyPrinterTurbo 1.2.4\nharry0703 MoneyPrinterTurbo 1.2.5\nharry0703 MoneyPrinterTurbo 1.2.6",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MoneyPrinterTurbo",
    "version": "1.2.0",
    "vendor": "harry0703",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}