Product:

Thinkadmin

(Thinkadmin)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 8
Date Id Summary Products Score Patch Annotated
2021-03-03 CVE-2020-35296 ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. Thinkadmin 7.5
2023-12-04 CVE-2023-48965 An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. Thinkadmin 8.8
2023-12-04 CVE-2023-48966 An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. Thinkadmin 8.8
2019-04-08 CVE-2019-11018 application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. Thinkadmin 9.8
2020-09-14 CVE-2020-25540 ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. Thinkadmin 7.5
2020-12-01 CVE-2020-29315 ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. Thinkadmin 5.4
2021-01-13 CVE-2020-23653 An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. Thinkadmin 9.8
2023-06-15 CVE-2023-34833 An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Thinkadmin 6.1