Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yN3BnLTRjajYtODk5NM4AAypj
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Permalink: https://github.com/advisories/GHSA-27pg-4cj6-8994
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yN3BnLTRjajYtODk5NM4AAypj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 3 months ago
CVSS Score: 7.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-27pg-4cj6-8994, CVE-2023-1970
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1970
- https://vuldb.com/?ctiid.225407
- https://vuldb.com/?id.225407
- https://tib36.github.io/2023/04/09/tpAdmin-RCE
- https://github.com/advisories/GHSA-27pg-4cj6-8994
Affected Packages
packagist:yuan1994/tpadmin
Dependent packages: 0
Dependent repositories: 0
Downloads: 1,229 total
Affected Version Ranges: <= 1.3.12
No known fixed version
All affected versions: 1.2.1, 1.2.2, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.3.12