Xuansama

**Name of the Vulnerable Software and Affected Versions** harry0703 MoneyPrinterTurbo versions through 1.2.6 **Description** A flaw exists in the `upload music` function within the `app/controllers/v1/music.py` file of the API Endpoint component. Manipulation of the `File` argument can result in path traversal. This issue is remotely exploitable and details about the exploit are publicly available. **Recommendations** Versions prior to 1.2.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** harry0703 MoneyPrinterTurbo versions through 1.2.6 **Description** A path traversal vulnerability exists in the `download video`/`stream video` function within the `app/controllers/v1/video.py` file of the URL Handler component. Manipulation of the `file path` argument can lead to unauthorized access. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** harry0703 MoneyPrinterTurbo versions prior to 1.2.6: Address the path traversal issue by sanitizing or validating the `file path` argument within the `download video`/`stream video` function in `app/controllers/v1/video.py`.