Technical-Laohu Mpay Unrestricted File Upload Vulnerability in QR Code Image Handler

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in Technical-Laohu Mpay versions through 1.2.4. The issue arises in the QR Code Image Handler component, where manipulation of the 'codeimg' argument enables unrestricted file uploads. This vulnerability can be exploited remotely, with public knowledge of the exploit available.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could lead to the execution of malicious files on the server, such as web shells or viruses, potentially allowing attackers to gain control of the server or steal sensitive information.

Added: Jan 19, 2026, 12:23 PM

Updated: Jan 19, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.6

remediation

0.0

relevance

2.2

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Technical-Laohu Mpay Unrestricted File Upload Vulnerability in QR Code Image Handler

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating