Lightpicture
Hard-coded credentials in osuuu LightPicture versions up to 1.2.2 allow unauthenticated remote attackers to bypass authentication via the /public/install/lp.sql file at the API upload endpoint. The vulnerability enables unauthorized access with confidentiality, integrity, and availability impacts. A public exploit exists (CVSS:3.1 E:P), significantly lowering the attack barrier. The vendor was notified but has not responded or issued patches.
A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.