Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
LightPicture API Upload Vulnerability: Exposes Sensitive Credentials
CVE-2026-6574
Summary
A security issue in LightPicture's API Upload Endpoint can leak hardcoded credentials. This affects versions up to 1.2.2. To protect your data, update to a fixed version of LightPicture as soon as possible.
Original title
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulati...
Original description
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-259
CWE-798
Use of Hard-coded Credentials
Published: 19 Apr 2026 · Updated: 19 Apr 2026 · First seen: 19 Apr 2026