Submit #746795: https://github.com/yuan1994/tpadmin cms v1.3 RCEinfo

Titlehttps://github.com/yuan1994/tpadmin cms v1.3 RCE
DescriptionA critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The /public/static/admin/lib/webuploader/0.1.5/server/preview.php file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges.
Source⚠️ https://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20Vulnerability%20in%20Tpadmin%20System.md
User
 sT1TcH (UID 91291)
Submission01/26/2026 08:55 (5 months ago)
Moderation02/06/2026 15:37 (11 days later)
StatusAccepted
VulDB entry344688 [yuan1994 tpadmin up to 1.3.12 WebUploader preview.php deserialization]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!