Submit #721457: https://www.h-ui.net/ H-ui.admin v3.1 RCEinfo

Titelhttps://www.h-ui.net/ H-ui.admin v3.1 RCE
BeschreibungA critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The /lib/webuploader/0.1.5/server/preview.php file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges.
Quelle⚠️ https://github.com/TiKi-r/CVE-Report/blob/main/H-ui.admin%20RCE.md
Benutzer
 sT1TcH (UID 91291)
Einreichung22.12.2025 12:45 (vor 4 Monaten)
Moderieren01.01.2026 12:15 (10 days later)
StatusAkzeptiert
VulDB Eintrag339348 [jackying H-ui.admin bis 3.1 preview.php erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!