technical-laohu mpay QR Code Image unrestricted upload_CVE-2026-1152

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2026-1152

Source VulDB

Published Jan 19, 2026 at 11:32

Affected Product

Vendor technical-laohu

Product mpay

Version 1.2.0

Affected Versions technical-laohu mpay 1.2.0
technical-laohu mpay 1.2.1
technical-laohu mpay 1.2.2
technical-laohu mpay 1.2.3
technical-laohu mpay 1.2.4

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-01-19T11:32:05.948Z",
    "modified": "2026-01-19T11:32:05.948Z",
    "type": "cve",
    "title": "technical-laohu mpay QR Code Image unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341745\nhttps://vuldb.com/?ctiid.341745\nhttps://vuldb.com/?submit.735775\nhttps://github.com/bdkuzma/vuln/issues/17",
    "id": "CVE-2026-1152",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "technical-laohu mpay 1.2.0\ntechnical-laohu mpay 1.2.1\ntechnical-laohu mpay 1.2.2\ntechnical-laohu mpay 1.2.3\ntechnical-laohu mpay 1.2.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mpay",
    "version": "1.2.0",
    "vendor": "technical-laohu",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}