## 漏洞关键信息 - **Vulnerability Identifier:** - VDB-344688 - CVE-2026-2113 - GCVE-100-344688 - **Vulnerability Summary:** - A vulnerability categorized as critical has been discovered in yuan1994 tpadmin up to 1.3.12. This vulnerability affects unknown code in the library `/public/static/admin/lib/webuploader/0.1.5/server/preview.php` of the component `WebUploader`. The manipulation results in deserialization. This vulnerability only affects products that are no longer supported by the maintainer. The vulnerability was named `CVE-2026-2113`. The attack may be performed from remote. In addition, an exploit is available. - **CVSS Meta Temp Score:** - 6.6 - **Current Exploit Price:** - $0-$5k - **CTI Interest Score:** - 0.92 - **Vulnerability Details:** - A vulnerability was found in `yuan1994 tpadmin up to 1.3.12`. It has been classified as critical. Affected is an unknown functionality in the library `/public/static/admin/lib/webuploader/0.1.5/server/preview.php` of the component `WebUploader`. The manipulation with an unknown input leads to a deserialization vulnerability. CWE is classifying the issue as `CWE-502`. The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. This is going to have an impact on confidentiality, integrity, and availability. - The advisory is shared for download at `github.com`. This vulnerability is traded as `CVE-2026-2113`. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known. - The exploit is shared for download at `github.com`. It is declared as a proof-of-concept. By approaching the search of public exploits, additional information can be gained.