PT-2026-1045 · Unknown+1 · Webuploader+1

St1Tch · Published 2026-01-02 · Updated 2026-01-07 · CVE-2025-15426

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
jackying H-ui.admin versions up to 3.1

Description
A flaw exists in jackying H-ui.admin that allows for unrestricted file uploads. This issue affects an unknown function within the /lib/webuploader/0.1.5/server/preview.php library. The attack can be carried out remotely. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations
Versions prior to 3.1 should be updated. As a temporary workaround, consider restricting access to the /lib/webuploader/0.1.5/server/preview.php file to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Improper Access Control

Weakness Enumeration

Related identifiers

CVE-2025-15426

Affected products

H-Ui.Admin
Webuploader