PatchSiren

SB-MaterialAdmin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH SB-MaterialAdmin CVE published 2026-05-28

CVE-2026-30761

An arbitrary file upload vulnerability exists in SourceBans Material Admin v1.1.6, specifically within the pages/admin.uploadmapimg.php component. The flaw allows attackers to upload crafted image files that can lead to arbitrary code execution. This vulnerability was disclosed on May 28, 2026, and affects the web-based administration interface for SourceBans, a ban management system for Source engine gam [truncated]

HIGH SB-MaterialAdmin CVE published 2026-05-28

CVE-2026-30760

An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.