CVE-2025-15426 | jackying H-ui.admin up to 3.1 preview.php unrestricted upload

Inserito da Angelo Barbosa | Gen 1, 2026 | CVE

A vulnerability, which was classified as critical, has been found in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2025-15426. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15426 | jackying H-ui.admin up to 3.1 preview.php unrestricted upload

Post correlati

CVE-2024-3800 | Concept Intermedia SAM CMS up to 3.3 cross site scripting

CVE-2024-11610 | AutomationDirect C-More EA9 Programming Software up to 6.78 File Parser stack-based overflow (icsa-24-340-01)

CVE-2024-11327 | ClickWhale Plugin up to 2.4.1 on WordPress cross site scripting

CVE-2025-5778 | 1000 Projects ABC Courier Management System 1.0 /adminSQL Username sql injection