29 matches found
📄 yuan1994 tpadmin Shell Upload
yuan1994 tpadmin versions up to 1.3.12 suffers from a remote shell upload vulnerability. tpadmin-CVE-2026-2113-poc A proof-of-concept exploiting a Remote Code Execution with web server privileges via Arbitrary File Upload. Vulnerability Description A critical Remote Code Execution vulnerability...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
tpadmin up to v1.3.12 is affected by a remote code execution/deserialization vulnerability in /public/static/admin/lib/webuploader/0.1.5/server/preview.php. The webuploader/preview.php endpoint lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary...
CVE-2026-2113 yuan1994 tpadmin WebUploader preview.php deserialization
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113 yuan1994 tpadmin WebUploader preview.php deserialization
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
EUVD-2026-5715
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
PT-2026-6920
Name of the Vulnerable Software and Affected Versions yuan1994 tpadmin versions up to 1.3.12 Description A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file...
tpAdmin 代码问题漏洞
tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. Versions of tpadmin 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...
CVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
CVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
CVE-2025-15426 jackying H-ui.admin preview.php unrestricted upload
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
CVE-2025-15426 jackying H-ui.admin preview.php unrestricted upload
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
CVE-2025-15426
CVE-2025-15426 affects jackying H-ui.admin up to version 3.1. A flaw in the library file /lib/webuploader/0.1.5/server/preview.php allows unrestricted file uploads via a remotely exploitable path. Public PoC exists; vendor reportedly unresponsive. Impact is described as remote arbitrary file uplo...
EUVD-2024-35281
Malicious code in bioql PyPI...
EUVD-2025-31490
Malicious code in bioql PyPI...
CVE-2025-11136
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...
CVE-2025-11136
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...