Vulnerabilities

Report: CVE-2026-6574 - osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials - Full Analysis

2026-04-19 0 views admin

CVE ID :CVE-2026-6574 Published : April 19, 2026, 1:30 p.m. | 36 minutes ago Description :A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-6574

Published

April 19, 2026

🏷️ Tags

reportosuuulightpictureuploadendpointcodedcredentialsanalysiscvecve-2026-6574

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-6574 - osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials - Full Analysis

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-6571 - kodcloud KodExplorer systemRole.class.php roleGroupAction authorization

Report: Ultimate Guide: CVE-2026-6572 - Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization

Report: CVE-2026-6573 - PHPEMS Instant Exam Creation exams.master.php temppage server-side request forgery

Report: Complete Guide to CVE-2026-6568 - kodcloud KodExplorer Public Share share.class.php initShareOld path traversal

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting