提出 #746795: https://github.com/yuan1994/tpadmin cms v1.3 RCE情報

タイトルhttps://github.com/yuan1994/tpadmin cms v1.3 RCE
説明A critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The /public/static/admin/lib/webuploader/0.1.5/server/preview.php file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges.
ソース⚠️ https://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20Vulnerability%20in%20Tpadmin%20System.md
ユーザー
 sT1TcH (UID 91291)
送信2026年01月26日 08:55 (4 月 ago)
モデレーション2026年02月06日 15:37 (11 days later)
ステータス承諾済み
VulDBエントリ344688 [yuan1994 tpadmin 迄 1.3.12 WebUploader preview.php 特権昇格]
ポイント20

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!