CVE-2025-11607

Name of the Vulnerable Software and Affected Versions harry0703 MoneyPrinterTurbo versions through 1.2.6

Description A flaw exists in the upload music function within the app/controllers/v1/music.py file of the API Endpoint component. Manipulation of the File argument can result in path traversal. This issue is remotely exploitable and details about the exploit are publicly available.

Recommendations Versions prior to 1.2.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.