| عنوان | https://github.com/yuan1994/tpadmin cms v1.3 RCE |
|---|
| الوصف | A critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The /public/static/admin/lib/webuploader/0.1.5/server/preview.php file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges. |
|---|
| المصدر | ⚠️ https://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20Vulnerability%20in%20Tpadmin%20System.md |
|---|
| المستخدم | sT1TcH (UID 91291) |
|---|
| ارسال | 26/01/2026 08:55 AM (4 أشهر منذ) |
|---|
| الاعتدال | 06/02/2026 03:37 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344688 [yuan1994 tpadmin حتى 1.3.12 WebUploader preview.php تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|