📄 Description (English)
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2026-6574 is a high-severity vulnerability in osuuu LightPicture up to version 1.2.2 that exposes hard-coded credentials through the API upload endpoint at /public/install/lp.sql. The vulnerability allows remote attackers to obtain authentication credentials without authentication, potentially leading to unauthorized access to sensitive systems. With no patch available and the exploit publicly disclosed, this poses an immediate risk to organizations using affected versions.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 7, 2026 11:18
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using LightPicture for content management or digital asset management, particularly in: Government agencies (NCA, CITC) using web-based document management systems; Banking and financial institutions (SAMA-regulated) using LightPicture for customer-facing portals; Healthcare providers using the platform for medical records management; Media and telecommunications companies (STC, Zain) using it for content delivery. The exposure of hard-coded credentials could lead to unauthorized administrative access, data breaches, and compliance violations under NCA ECC 2024 and SAMA CSF frameworks.
🏢 Affected Saudi Sectors
Government
Banking and Financial Services
Healthcare
Telecommunications
Media and Broadcasting
Education
Energy
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of osuuu LightPicture version 1.2.2 or earlier in your environment
2. Restrict network access to /public/install/lp.sql endpoint using WAF rules or firewall policies
3. Monitor access logs for suspicious requests to the vulnerable endpoint
4. Change all credentials that may have been exposed through this vulnerability
PATCHING GUIDANCE:
1. Contact osuuu vendor for security updates or migrate to alternative solutions
2. If upgrade is unavailable, implement compensating controls immediately
3. Deploy Web Application Firewall (WAF) rules to block requests to /public/install/lp.sql
4. Implement API authentication and authorization controls
COMPENSATING CONTROLS:
1. Disable or remove the /public/install/ directory from production environments
2. Implement IP whitelisting for API endpoints
3. Deploy intrusion detection signatures for exploitation attempts
4. Enable comprehensive audit logging for all API access
5. Implement rate limiting on upload endpoints
DETECTION RULES:
1. Alert on any HTTP requests to /public/install/lp.sql or /public/install/ paths
2. Monitor for unusual API upload endpoint activity
3. Track failed authentication attempts followed by successful access
4. Log and alert on credential exposure patterns in application logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع حالات استخدام osuuu LightPicture الإصدار 1.2.2 أو أقدم في بيئتك
2. تقييد الوصول الشبكي إلى نقطة النهاية /public/install/lp.sql باستخدام قواعد WAF أو سياسات جدار الحماية
3. مراقبة سجلات الوصول للطلبات المريبة إلى نقطة النهاية الضعيفة
4. تغيير جميع بيانات الاعتماد التي قد تكون قد تعرضت عبر هذه الثغرة
إرشادات التصحيح:
1. التواصل مع بائع osuuu للحصول على تحديثات أمان أو الهجرة إلى حلول بديلة
2. إذا لم يكن الترقية متاحة، قم بتنفيذ الضوابط البديلة فوراً
3. نشر قواعد جدار تطبيقات الويب (WAF) لحظر الطلبات إلى /public/install/lp.sql
4. تنفيذ ضوابط المصادقة والتفويض للواجهات البرمجية
الضوابط البديلة:
1. تعطيل أو إزالة دليل /public/install/ من بيئات الإنتاج
2. تنفيذ قائمة بيضاء للعناوين IP لنقاط نهاية API
3. نشر توقيعات كشف الاختراق لمحاولات الاستغلال
4. تفعيل تسجيل التدقيق الشامل لجميع وصول API
5. تنفيذ تحديد معدل على نقاط نهاية التحميل
قواعد الكشف:
1. تنبيه على أي طلبات HTTP إلى مسارات /public/install/lp.sql أو /public/install/
2. مراقبة نشاط نقطة نهاية تحميل API غير العادي
3. تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح
4. تسجيل والتنبيه على أنماط تعريض بيانات الاعتماد في سجلات التطبيق
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.6.2.2 - User Access Provisioning
A.8.2.1 - Classification of Information
A.8.2.3 - Handling of Assets
A.9.2.1 - User Endpoint Devices
A.9.4.3 - Password Management
A.12.6.1 - Management of Technical Vulnerabilities
🔵 SAMA CSF
ID.AM-2 - Software Inventory
PR.AC-1 - Access Control Policy
PR.AC-4 - Access Rights Management
PR.DS-1 - Data Security Management
DE.CM-8 - Vulnerability Scanning
RS.MI-2 - Incident Response and Management
🟡 ISO 27001:2022
5.15 - Access Control
6.5.2 - Addressing information security in supplier relationships
8.1.1 - Inventory of assets
8.2.1 - Classification of information
8.3.1 - Handling of removable media
A.5.1.1 - Policies for information security
A.6.1.1 - Access control policy
A.6.2.1 - User registration and de-registration
A.8.2.3 - Handling of assets
A.9.4.3 - Password management
A.12.6.1 - Management of technical vulnerabilities
🟣 PCI DSS v4.0.1
Requirement 2.1 - Change vendor-supplied defaults
Requirement 6.2 - Ensure security patches are installed
Requirement 8.2.1 - Use strong authentication
Requirement 8.2.3 - Passwords must meet minimum strength