PT-2026-6920 · Unknown+1 · Webuploader+1
St1Tch
·
Published
2026-02-07
·
Updated
2026-03-05
·
CVE-2026-2113
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
yuan1994 tpadmin versions up to 1.3.12
Description
A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file
/public/static/admin/lib/webuploader/0.1.5/server/preview.php. This can be exploited remotely. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer.Recommendations
Versions prior to 1.3.12 should not be used.
Exploit
Fix
Deserialization of Untrusted Data
Unrestricted File Upload
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Webuploader
Ftp Admin