GHSA-27pg-4cj6-8994

Suggest an improvement
Source
https://github.com/advisories/GHSA-27pg-4cj6-8994
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-27pg-4cj6-8994/GHSA-27pg-4cj6-8994.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-27pg-4cj6-8994
Aliases
  • CVE-2023-1970
Published
2023-04-10T18:30:22Z
Modified
2024-02-13T19:12:52.370179Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability
Details

* UNSUPPORTED WHEN ASSIGNED * A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Database specific
{
    "nvd_published_at": "2023-04-10T16:15:00Z",
    "cwe_ids": [
        "CWE-434"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-13T18:48:40Z"
}
References

Affected packages

Packagist / yuan1994/tpadmin

Package

Name
yuan1994/tpadmin
Purl
pkg:composer/yuan1994/tpadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.3.12

Affected versions

v1.*

v1.1
v1.2
v1.2.1
v1.2.2
v1.3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.3.10
v1.3.11
v1.3.12