CVE-2026-2113

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the preview.php file. An attacker can execute arbitrary code and compromise confidentiality, integrity, and availability by sending specially crafted serialized data to the affected endpoint. Detail...

CVE-2026-2113

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

CVE-2026-2113

tpadmin up to v1.3.12 is affected by a remote code execution/deserialization vulnerability in /public/static/admin/lib/webuploader/0.1.5/server/preview.php. The webuploader/preview.php endpoint lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary...

PT-2026-6920

Name of the Vulnerable Software and Affected Versions yuan1994 tpadmin versions up to 1.3.12 Description A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file...

EUVD-2023-1152

Malicious code in bioql PyPI...

GHSA-QR7H-8PV2-XVX2 yuan1994 tpAdmin vulnerable to Server-Side Request Forgery

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVE-2023-1971

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

Server side request forgery (ssrf)

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVE-2023-1971 yuan1994 tpAdmin Upload.php remote server-side request forgery

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to laun...

CVE-2023-1971

CVE-2023-1971 affects yuan1994 tpAdmin 1.3.12. Affected component: the remote() function in application/admin/controller/Upload.php, where manipulation of the url argument enables server-side request forgery (SSRF). Exploitation can be performed remotely, and public disclosures exist (VDB-225408)...

CVE-2023-1970

CVE-2023-1970 affects yuan1994 tpAdmin 1.3.12. The vulnerability exists in the Upload.php Upload function, where manipulation of the file argument enables unrestricted file uploads. The attack can be initiated remotely, and public exploits have been disclosed. Note: tpAdmin is no longer maintaine...

CVE-2023-1970 yuan1994 tpAdmin Upload.php Upload unrestricted upload

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...