| Название | https://github.com/yuan1994/tpadmin cms v1.3 RCE |
|---|
| Описание | A critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The /public/static/admin/lib/webuploader/0.1.5/server/preview.php file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges. |
|---|
| Источник | ⚠️ https://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20Vulnerability%20in%20Tpadmin%20System.md |
|---|
| Пользователь | sT1TcH (UID 91291) |
|---|
| Представление | 26.01.2026 08:55 (4 месяцы назад) |
|---|
| Модерация | 06.02.2026 15:37 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 344688 [yuan1994 tpadmin до 1.3.12 WebUploader preview.php эскалация привилегий] |
|---|
| Баллы | 20 |
|---|