CVE-2026-2113
Unknown Unknown - Not Provided
Remote Deserialization Vulnerability in yuan1994 tpadmin WebUploader

Publication date: 2026-02-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2113
EUVD
EUVD-2026-5715
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tpadmin_project tpadmin to 1.3.12 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-2113 is a critical security vulnerability in the tpadmin CMS version 1.3.12 and earlier, specifically in the WebUploader component's preview.php file. The vulnerability arises from improper deserialization of untrusted data, which allows unauthenticated attackers to upload arbitrary PHP files to the web server. These malicious files can then be executed remotely with the privileges of the web server, leading to remote code execution."}, {'type': 'paragraph', 'content': 'The affected file lacks proper authentication and file validation mechanisms, making it possible for attackers to exploit this flaw remotely without any user interaction or privileges.'}] [1, 3]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can have severe impacts including unauthorized remote code execution on the affected system. Attackers can execute arbitrary code with the web server's privileges, potentially leading to full system compromise."}, {'type': 'paragraph', 'content': 'The flaw can affect the confidentiality, integrity, and availability of the system by allowing attackers to manipulate data, disrupt services, or gain unauthorized access.'}, {'type': 'paragraph', 'content': 'Since the affected product is no longer supported and no mitigations are available, the risk of exploitation is high, especially as exploits and proof-of-concept code are publicly available.'}] [1, 3]

Detection Guidance

This vulnerability can be detected by identifying the presence of the vulnerable file path on your system or network: /public/static/admin/lib/webuploader/0.1.5/server/preview.php.

Attackers may use Google dorking to find vulnerable targets by searching for the URL path: inurl:public/static/admin/lib/webuploader/0.1.5/server/preview.php.

  • Use network scanning or web crawling tools to detect the presence of the vulnerable preview.php file on web servers.
  • Run commands like curl or wget to check if the vulnerable endpoint is accessible, for example: curl -I http://targetsite.com/public/static/admin/lib/webuploader/0.1.5/server/preview.php
  • Search your web server files for the path or filename to confirm if the vulnerable version of tpadmin is installed.
Mitigation Strategies

Since the affected product tpadmin by yuan1994 is no longer supported and no known mitigations or countermeasures have been published, immediate mitigation options are limited.

The recommended immediate step is to replace the affected component or product with an alternative that is actively maintained and secure.

In the short term, restrict access to the vulnerable file path by implementing web server access controls or firewall rules to block unauthorized remote access to /public/static/admin/lib/webuploader/0.1.5/server/preview.php.

Monitor your systems for any signs of exploitation attempts, especially uploads of arbitrary PHP files or unexpected web server behavior.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2113. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart