Unrestricted File Upload Vulnerability in osuuu LightPicture Affects Version 1.2.2
CVE-2025-1835

5.3 MEDIUM

Key Information:

Vendor: Osuuu
CVE Published: 2 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-1835?

osuuu LightPicture version 1.2.2 contains an unrestricted file upload vulnerability in the /app/controller/Api.php endpoint. The flaw arises from improper validation of user input: an attacker can exploit it remotely by manipulating the file parameter. The vulnerability has been disclosed, which poses significant risk, because it could be leveraged to upload malicious files to the server, potentially compromising the integrity and security of the affected system.

Affected Version(s)

LightPicture 1.2.2

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

sheratan (VulDB User)