Unrestricted File Upload Vulnerability in hcr707305003 shiroiAdmin
CVE-2026-15488
6.9MEDIUM
What is CVE-2026-15488?
A vulnerability exists in the hcr707305003 shiroiAdmin software that allows for unrestricted file uploads through the FileController::upload function. This flaw occurs when an attacker can manipulate the File argument to upload files without proper validation. The issue can be exploited remotely, posing a significant security risk. To mitigate this vulnerability, it is essential to upgrade to version 1.4, which includes a dedicated patch (commit 3ecde28ea8a20a3840dbfefd6d6863ee79a83e70). The vendor was informed of this vulnerability but has not issued a response.
Affected Version(s)
shiroiAdmin 1.1
shiroiAdmin 1.3
shiroiAdmin 1.4
