CVE-2023-1971
- Source
- https://cve.org/CVERecord?id=CVE-2023-1971
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1971.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-1971
- Aliases
- Published
- 2023-04-10T16:31:03.094Z
- Modified
- 2026-05-28T04:08:52.543601873Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- yuan1994 tpAdmin Upload.php remote server-side request forgery
- Details
-
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225408. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Database specific
{ "cwe_ids": [ "CWE-918" ], "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "1.3.12" } ], "source": "AFFECTED_FIELD" } ], "cna_assigner": "VulDB", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1971.json" }- References
Affected packages
Git / github.com/yuan1994/tpadmin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/yuan1994/tpadmin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:tpadmin_project:tpadmin:1.3.12:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.3.12" } ], "source": "CPE_STRING" }