| 제목 | https://www.h-ui.net/ H-ui.admin v3.1 RCE |
|---|
| 설명 | A critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The /lib/webuploader/0.1.5/server/preview.php file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges. |
|---|
| 원천 | ⚠️ https://github.com/TiKi-r/CVE-Report/blob/main/H-ui.admin%20RCE.md |
|---|
| 사용자 | sT1TcH (UID 91291) |
|---|
| 제출 | 2025. 12. 22. PM 12:45 (4 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 01. PM 12:15 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 339348 [jackying H-ui.admin 까지 3.1 preview.php 권한 상승] |
|---|
| 포인트들 | 20 |
|---|