22 matches found
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1152
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2026-1152
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2026-1153 technical-laohu mpay cross-site request forgery
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153 technical-laohu mpay cross-site request forgery
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153
The CVE-2026-1153 entry concerns the software package technical-laohu mpay up to version 1.2.4, with a cross-site request forgery (CSRF) condition caused by manipulation of an unknown function. The burdened documents indicate a remote exploitation path is possible and that the exploit is public, ...
CVE-2026-1152 technical-laohu mpay QR Code Image unrestricted upload
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2026-1152
The affected software is technical-laohu mpay (versions up to 1.2.4). A vulnerability in the QR Code Image Handler allows manipulation of the codeimg argument that leads to unrestricted file upload. This can be exploited remotely, and public exploits have been disclosed. Remediation per PSIRT/PT ...
CVE-2026-1152 technical-laohu mpay QR Code Image unrestricted upload
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-1151
CVE-2026-1151 affects technical-laohu mpay (User Center) up to version 1.2.4. Manipulating the Nickname argument in an unknown function enables cross-site scripting. The issue can be exploited remotely and public PoCs exist. Remediation: update to version 1.2.4 or later (versions prior to 1.2.4 s...
CVE-2026-1151
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
MPay code-related vulnerabilities
MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier have code vulnerabilities, which stem from incorrect handling of the parameter “codeimg”. This vulnerability may lead to arbitrary file uploads...
PT-2026-3435
Name of the Vulnerable Software and Affected Versions technical-laohu mpay versions up to 1.2.4 Description A security issue exists in the QR Code Image Handler component of technical-laohu mpay. Manipulation of the codeimg argument can lead to unrestricted upload. This issue can be exploited...
PT-2026-3434
Name of the Vulnerable Software and Affected Versions technical-laohu mpay versions up to 1.2.4 Description A flaw exists in the User Center component of technical-laohu mpay. Manipulation of the Nickname argument within an unknown function can lead to cross site scripting. The exploit is publicl...
mpay security vulnerability
MPay is a convenient payment tool developed by Technic Laohu in China. Versions of MPay prior to 1.2.4 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations on unknown functions, which could lead to cross-site request forgery attacks...