CVE-2026-1152
Unrestricted File Upload Vulnerability in Technical-Laohu MPay QR Handler
Publication date: 2026-01-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| technical-laohu | mpay | to 1.2.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1152 is an arbitrary file upload vulnerability in the technical-laohu mpay application up to version 1.2.4. It exists in the QR Code Image Handler component, specifically through manipulation of the 'codeimg' argument, which allows attackers to upload malicious files such as webshells, viruses, or scripts without restriction. This flaw can be exploited remotely and enables attackers to gain unauthorized control over the server or steal sensitive information. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of your system. Attackers can upload malicious files that may allow them to execute arbitrary code, gain control over the server, steal sensitive information, or disrupt services. The exploit is publicly available and can be launched remotely, making it a significant security risk. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for arbitrary file uploads through the QR Code Image Handler, specifically via the 'codeimg' argument. You can check server logs for unusual POST requests to the QR code upload endpoint containing suspicious file types or unexpected payloads. Additionally, scanning the upload directories for unexpected or executable files (e.g., webshells) can help identify exploitation attempts. Commands such as 'grep' on web server logs to find requests with 'codeimg' parameter, and 'find' commands to locate recently added or suspicious files in upload directories, can be useful. For example: 1) grep 'codeimg' /var/log/apache2/access.log 2) find /path/to/upload/dir -type f -mtime -7 -exec file {} \; | grep -i 'executable' 3) Using intrusion detection systems or web application firewalls to alert on unusual file upload patterns is also recommended. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restricting the types of files allowed for upload by validating file extensions and verifying file header information to ensure only safe formats (e.g., images, documents) are accepted. 2) Restricting permissions on the upload directory to prevent execution of uploaded files. 3) Storing uploaded files with randomized filenames to avoid predictable paths. 4) Performing content scanning on uploaded files to detect malicious code. 5) If possible, replacing or updating the vulnerable component to a non-affected version. Since no known countermeasures exist, these steps help reduce the risk of exploitation. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of CVE-2026-1152 on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows attackers to upload arbitrary malicious files potentially leading to unauthorized control over the server and theft of sensitive information, it could indirectly affect compliance by risking confidentiality and integrity of personal or sensitive data. No direct statements about compliance impact or regulatory considerations are given. [1, 2, 3]