CVE-2023-1971
Server-Side Request Forgery (SSRF) in packagist/yuan1994/tpadmin
Identifiers
GHSA-qr7h-8pv2-xvx2, CVE-2023-1971
Package Slug
packagist/yuan1994/tpadmin
Vulnerability
Server-Side Request Forgery (SSRF)
Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Affected is the function remote of the file application\admin\controller\Upload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225408. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected Versions
All versions up to 1.3.12
Solution
Unfortunately, there is no solution available yet.
Last Modified
2024-02-14
| source |