CVE-2023-1971 Report - Details, Severity, & Advisories

Twingate Team

Jun 6, 2024

What is CVE-2023-1971?

CVE-2023-1971 is a critical vulnerability found in yuan1994 tpAdmin 1.3.12, specifically affecting the function remote of the file application\admin\controller\Upload.php. This vulnerability can lead to server-side request forgery, posing a threat to confidentiality, integrity, and availability.

Who is impacted by this?

Systems running yuan1994 tpAdmin 1.3.12 are at risk. The vulnerability has a severity score of 4.9 MEDIUM (NIST) and 6.3 MEDIUM (VulDB), and it only affects version 1.3.12 of yuan1994 tpAdmin.

What should I do if I’m affected?

If you're affected by the CVE-2023-1971 vulnerability, it's crucial to take action to protect your system. Unfortunately, there's limited information available on specific mitigation steps. However, you can consider replacing the affected yuan1994 tpAdmin 1.3.12 software with an alternative product to reduce the risk of server-side request forgery.
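
Where replacement cannot happen immediately, the general CWE-918 control for a remote-fetch feature is to vet the destination before the server connects. The following PHP is an added example, not tpAdmin's code or a vendor patch; the function names are hypothetical, and it assumes the feature fetches a user-supplied URL with cURL.

```php
<?php
// Added example, not tpAdmin code. Function names are hypothetical.
// IPv4 only: IPv6 literals fail resolution below and are refused.
function is_public_ipv4(string $ip): bool
{
    // Rejects private (RFC 1918) and reserved ranges: loopback, link-local 169.254/16, 0/8, 240/4.
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns [host, port, ip] to pin the connection to, or null if the URL must be refused.
function resolve_safe_target(string $url): ?array
{
    $p = parse_url($url);
    if (!is_array($p) || empty($p['host']) || empty($p['scheme'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true) || isset($p['user'])) {
        return null; // no file://, gopher://, dict://; no userinfo in the URL
    }
    $host = $p['host'];
    $isLiteral = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    // Hostnames are resolved here so that every A record can be checked.
    $ips = $isLiteral ? [$host] : (gethostbynamel($host) ?: []);
    if ($ips === []) { return null; }
    foreach ($ips as $ip) {
        if (!is_public_ipv4($ip)) {
            return null; // one internal answer is enough to refuse
        }
    }
    return [$host, $p['port'] ?? ($scheme === 'https' ? 443 : 80), $ips[0]];
}

function fetch_remote(string $url): ?string
{
    $t = resolve_safe_target($url);
    if ($t === null) { return null; }
    [$host, $port, $ip] = $t;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a redirect would bypass the check above
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RESOLVE        => ["$host:$port:$ip"], // connect only to the vetted address
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}
```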

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1971 vulnerability, also known as Server-Side Request Forgery (SSRF) in yuan1994 tpAdmin 1.3.12, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on April 10, 2023. There is no information available on a due date or required action for this vulnerability.

Weakness Enumeration

This vulnerability is categorized as CWE-918, the weakness class for server-side request forgery, in yuan1994 tpAdmin 1.3.12.

Learn More

CVE-2023-1971 is a critical vulnerability in yuan1994 tpAdmin 1.3.12 that can lead to server-side request forgery. To learn more about its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

  • tib36.github.io - Further analysis of the vulnerability and public exploit

  • VulDB - Technical details and affected software configurations
