Unrestricted File Upload Vulnerability in hcr707305003 shiroiAdmin
CVE-2026-15488

6.9MEDIUM

Key Information:

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15488?

A vulnerability exists in the hcr707305003 shiroiAdmin software that allows for unrestricted file uploads through the FileController::upload function. This flaw occurs when an attacker can manipulate the File argument to upload files without proper validation. The issue can be exploited remotely, posing a significant security risk. To mitigate this vulnerability, it is essential to upgrade to version 1.4, which includes a dedicated patch (commit 3ecde28ea8a20a3840dbfefd6d6863ee79a83e70). The vendor was informed of this vulnerability but has not issued a response.

Affected Version(s)

shiroiAdmin 1.1

shiroiAdmin 1.3

shiroiAdmin 1.4

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lzy200657 (VulDB User)
VulDB CNA Team
.