CVE-2025-1835 | osuuu LightPicture 1.2.2 /app/controller/Api.php upload file unrestricted upload

CVE-2025-1835 | osuuu LightPicture 1.2.2 /app/controller/Api.php upload file unrestricted upload

A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. This vulnerability was named CVE-2025-1835. The attack can be initiated remotely. Furthermore, there is an exploit available.