yuan1994 tpAdmin Upload.php remote server-side request forgery
CVE-2023-1971

4.9MEDIUM

Key Information:

Vendor

yuan1994

Status
tpAdmin
Vendor
CVE Published:
10 April 2023

What is CVE-2023-1971?

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225408. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

tpAdmin 1.3.12

References

https://vuldb.com/?id.225408
vdb-entrytechnical-description
https://vuldb.com/?ctiid.225408
signaturepermissions-required
https://tib36.github.io/2023/04/09/tpAdmin-SSRF/
broken-linkexploit

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

nokali (VulDB User)
JSON
.