Vulnerabilities > Thinkadmin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-04 | CVE-2024-10749 | Deserialization of Untrusted Data vulnerability in Thinkadmin A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. | 8.1 |
| 2023-12-04 | CVE-2023-48965 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53 An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. | 8.8 |
| 2023-12-04 | CVE-2023-48966 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.1.53 An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 |
| 2023-06-15 | CVE-2023-34833 | Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.0 An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. | 6.1 |
| 2021-03-03 | CVE-2020-35296 | Use of Hard-coded Credentials vulnerability in Thinkadmin 6.0 ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | 7.5 |
| 2021-01-13 | CVE-2020-23653 | Deserialization of Untrusted Data vulnerability in Thinkadmin 4.0/5.0/6.0 An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | 9.8 |
| 2020-12-01 | CVE-2020-29315 | Cross-site Scripting vulnerability in Thinkadmin 1.0/6.0 ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. | 5.4 |
| 2020-09-14 | CVE-2020-25540 | Path Traversal vulnerability in Thinkadmin 6.0 ThinkAdmin v6 is affected by a directory traversal vulnerability. | 7.5 |
| 2019-04-08 | CVE-2019-11018 | Improper Authentication vulnerability in Thinkadmin 4.0 application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | 9.8 |