Title: H-ui.admin v3.1 RCE Description: A critical Remote Code Execution vulnerability exists in H-ui.admin system's WebUploader preview component. The file lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary PHP files directly to the web server. This results in immediate Remote Code Execution with web server privileges. Source: https://github.com/TiKi-r/CVE-Report/blob/main/H-ui.admin%20RCE.md User: sT1TcH (UID 91291) Submission Date: 12/22/2025 12:45 PM Moderation Date: 01/01/2026 12:15 PM Status: Accepted VulDB Entry: 339348 (Jackying H-ui.admin up to 3.1 preview.php unrestricted upload) Points: 20