CVE-2025-15426
Unrestricted File Upload in jackying H-ui.admin preview.php
Publication date: 2026-01-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jackying | h-ui.admin | to 3.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15426 is a critical vulnerability in jackying H-ui.admin versions up to 3.1, specifically in the /lib/webuploader/0.1.5/server/preview.php file. It is an unrestricted file upload vulnerability that allows attackers to remotely upload arbitrary files, including potentially dangerous PHP files, without any authentication or validation. This can lead to remote code execution on the affected server. The vulnerability is easy to exploit, with a public proof-of-concept available, and no known mitigations or vendor response. [1, 2]
How can this vulnerability impact me? :
This vulnerability can severely impact you by allowing attackers to upload malicious files to your server remotely and without authentication. This can lead to remote code execution, compromising the confidentiality, integrity, and availability of your system. Attackers can gain control over the web server, potentially leading to data breaches, service disruption, or further attacks within your network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable file path /lib/webuploader/0.1.5/server/preview.php on your system or web server. Additionally, you can use Google dorking with the query inurl:lib/webuploader/0.1.5/server/preview.php to identify vulnerable targets exposed on the internet. On your system, you might use commands like 'find / -path "*/lib/webuploader/0.1.5/server/preview.php"' to locate the vulnerable file. Monitoring web server logs for unusual file upload attempts or execution of uploaded PHP files can also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the vulnerable /lib/webuploader/0.1.5/server/preview.php file to prevent unauthorized uploads. Since no official fixes or patches are available and the vendor did not respond, it is recommended to replace the affected component with an alternative product. Additionally, implementing strict web server file upload validation and restricting execution permissions on upload directories can reduce risk. Monitoring for suspicious activity and applying network-level protections such as web application firewalls may also help mitigate exploitation. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unrestricted file upload leading to potential compromise of confidentiality, integrity, and availability of data. Such a security flaw can result in unauthorized access or data breaches, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of sensitive data and maintaining system security. However, no specific compliance impact details are provided in the resources. [1, 2]