4 matches found
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-1153
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used...
mpay code injection vulnerability
MPay is a convenient payment collection tool developed by Technic Laohu in China. Versions of MPay 1.2.4 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Nickname,” and could lead to cross-site scripting attacks...