CVE-2023-1970: Unrestricted Upload of File with Dangerous Type

April 10, 2023 (updated February 13, 2024)

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225407. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

github.com/advisories/GHSA-27pg-4cj6-8994
nvd.nist.gov/vuln/detail/CVE-2023-1970
tib36.github.io/2023/04/09/tpAdmin-RCE
vuldb.com/?ctiid.225407
vuldb.com/?id.225407

Code Behaviors & Features

Detect and mitigate CVE-2023-1970 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →