30 matches found
📄 tpAdmin 1.3.12 Shell Upload
tpAdmin versions 1.3.12 and below suffer from a remote shell upload vulnerability due to improper validation of file uploads within the preview.php component under /admin/lib/webuploader/0.1.5/server/...
📄 yuan1994 tpadmin Shell Upload
yuan1994 tpadmin versions up to 1.3.12 suffers from a remote shell upload vulnerability. tpadmin-CVE-2026-2113-poc A proof-of-concept exploiting a Remote Code Execution with web server privileges via Arbitrary File Upload. Vulnerability Description A critical Remote Code Execution vulnerability...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the preview.php file. An attacker can execute arbitrary code and compromise confidentiality, integrity, and availability by sending specially crafted serialized data to the affected endpoint. Detail...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
tpadmin up to v1.3.12 is affected by a remote code execution/deserialization vulnerability in /public/static/admin/lib/webuploader/0.1.5/server/preview.php. The webuploader/preview.php endpoint lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary...
CVE-2026-2113 yuan1994 tpadmin WebUploader preview.php deserialization
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113 yuan1994 tpadmin WebUploader preview.php deserialization
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
EUVD-2026-5715
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
PT-2026-6920
Name of the Vulnerable Software and Affected Versions yuan1994 tpadmin versions up to 1.3.12 Description A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file...
tpAdmin 代码问题漏洞
tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. Versions of tpadmin 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...
EUVD-2023-1152
Malicious code in bioql PyPI...
CVE-2023-1971
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...
CVE-2023-1970
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...
GHSA-QR7H-8PV2-XVX2 yuan1994 tpAdmin vulnerable to Server-Side Request Forgery
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...
CVE-2023-1971
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...
Server side request forgery (ssrf)
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...
CVE-2023-1971 yuan1994 tpAdmin Upload.php remote server-side request forgery
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...