Vulnerabilities > Thinkadmin > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2020-23653 | Deserialization of Untrusted Data vulnerability in Thinkadmin 4.0/5.0/6.0 An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | 9.8 |
| 2019-04-08 | CVE-2019-11018 | Improper Authentication vulnerability in Thinkadmin 4.0 application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | 9.8 |