Zhangjx

**Name of the Vulnerable Software and Affected Versions** harry0703 MoneyPrinterTurbo versions through 1.2.6 **Description** A critical issue exists in harry0703 MoneyPrinterTurbo. The `upload bgm file` function within the File Extension Handler component, located in the `app/controllers/v1/video.py` file, allows for unrestricted file uploads due to manipulation of the `File` argument. This attack can be launched remotely. **Recommendations** Versions prior to 1.2.6 are affected. As a temporary workaround, consider restricting access to the `upload bgm file` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** harry0703 MoneyPrinterTurbo versions through 1.2.6 **Description** A critical vulnerability exists in harry0703 MoneyPrinterTurbo. The issue is a path traversal vulnerability affecting the `download video`/`delete video` function within the `app/controllers/v1/video.py` file. This allows for remote exploitation. **Recommendations** harry0703 MoneyPrinterTurbo versions prior to 1.2.6: As a temporary workaround, consider restricting access to the `download video` and `delete video` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** harry0703 MoneyPrinterTurbo versions through 1.2.6 **Description** A critical issue exists in the `verify token` function within the `app/controllers/base.py` file of the API Endpoint component. This allows for missing authentication and may be exploited remotely. **Recommendations** Versions prior to 1.2.6 are affected. As a temporary workaround, consider disabling the `verify token()` function until a patch is available.