📦 Mpay

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in technical-laohu mpay versions up to 1.2.4. Attackers can trick authenticated users into performing unintended actions by craftin...

This vulnerability in technical-laohu mpay up to version 1.2.4 allows remote attackers to upload arbitrary files via the QR Code Image Handler component. The unrestricted file upload vulnerability can...

This vulnerability allows attackers to inject malicious scripts via the Nickname field in the User Center component of technical-laohu mpay. When exploited, it enables cross-site scripting attacks tha...