CVE-2026-2113

Summary

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
yuan1994tpadmin1.3.0affected
yuan1994tpadmin1.3.1affected
yuan1994tpadmin1.3.2affected
yuan1994tpadmin1.3.3affected
yuan1994tpadmin1.3.4affected
yuan1994tpadmin1.3.5affected
yuan1994tpadmin1.3.6affected
yuan1994tpadmin1.3.7affected
yuan1994tpadmin1.3.8affected
yuan1994tpadmin1.3.9affected
yuan1994tpadmin1.3.10affected
yuan1994tpadmin1.3.11affected
yuan1994tpadmin1.3.12affected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References