Lightpicture
by Osuuu
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6574 | Hig | 0.47 | 7.3 | 0.00 | Apr 19, 2026 | A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be… | ||
| CVE-2025-1835 | Med | 0.41 | 6.3 | 0.00 | Mar 2, 2025 | A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely.… | ||
| CVE-2024-1920 | Med | 0.36 | 5.6 | 0.01 | Feb 27, 2024 | A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated… | ||
| CVE-2024-1921 | Med | 0.31 | 4.7 | 0.01 | Feb 27, 2024 | A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has… | ||
| CVE-2024-13141 | Low | 0.23 | 3.5 | 0.00 | Jan 5, 2025 | A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be… |
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely.…
- risk 0.36cvss 5.6epss 0.01
A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated…
- risk 0.31cvss 4.7epss 0.01
A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be…