CVE-2026-2113
Remote Deserialization Vulnerability in yuan1994 tpadmin WebUploader
Publication date: 2026-02-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tpadmin_project | tpadmin | to 1.3.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-2113 is a critical security vulnerability in the tpadmin CMS version 1.3.12 and earlier, specifically in the WebUploader component's preview.php file. The vulnerability arises from improper deserialization of untrusted data, which allows unauthenticated attackers to upload arbitrary PHP files to the web server. These malicious files can then be executed remotely with the privileges of the web server, leading to remote code execution."}, {'type': 'paragraph', 'content': 'The affected file lacks proper authentication and file validation mechanisms, making it possible for attackers to exploit this flaw remotely without any user interaction or privileges.'}] [1, 3]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "This vulnerability can have severe impacts including unauthorized remote code execution on the affected system. Attackers can execute arbitrary code with the web server's privileges, potentially leading to full system compromise."}, {'type': 'paragraph', 'content': 'The flaw can affect the confidentiality, integrity, and availability of the system by allowing attackers to manipulate data, disrupt services, or gain unauthorized access.'}, {'type': 'paragraph', 'content': 'Since the affected product is no longer supported and no mitigations are available, the risk of exploitation is high, especially as exploits and proof-of-concept code are publicly available.'}] [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable file path on your system or network: /public/static/admin/lib/webuploader/0.1.5/server/preview.php.
Attackers may use Google dorking to find vulnerable targets by searching for the URL path: inurl:public/static/admin/lib/webuploader/0.1.5/server/preview.php.
- Use network scanning or web crawling tools to detect the presence of the vulnerable preview.php file on web servers.
- Run commands like curl or wget to check if the vulnerable endpoint is accessible, for example: curl -I http://targetsite.com/public/static/admin/lib/webuploader/0.1.5/server/preview.php
- Search your web server files for the path or filename to confirm if the vulnerable version of tpadmin is installed.
What immediate steps should I take to mitigate this vulnerability?
Since the affected product tpadmin by yuan1994 is no longer supported and no known mitigations or countermeasures have been published, immediate mitigation options are limited.
The recommended immediate step is to replace the affected component or product with an alternative that is actively maintained and secure.
In the short term, restrict access to the vulnerable file path by implementing web server access controls or firewall rules to block unauthorized remote access to /public/static/admin/lib/webuploader/0.1.5/server/preview.php.
Monitor your systems for any signs of exploitation attempts, especially uploads of arbitrary PHP files or unexpected web server behavior.