osuuu LightPicture Unrestricted File Upload Vulnerability in Api.php

Vulnerability

A critical unrestricted file upload vulnerability has been identified in osuuu LightPicture version 1.2.2. The issue arises in the file upload function of the Api.php controller, where improper validation allows for unrestricted file uploads. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to various consequences depending on the application's file handling and execution capabilities.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.