Thinkadmin CVE - OpenCVE

Filtered by vendor Thinkadmin Subscriptions

Total 8 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-11018	1 Thinkadmin	1 Thinkadmin	2024-08-04	N/A
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.
CVE-2020-35296	1 Thinkadmin	1 Thinkadmin	2024-08-04	7.5 High
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
CVE-2020-29315	1 Thinkadmin	1 Thinkadmin	2024-08-04	5.4 Medium
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
CVE-2020-25540	1 Thinkadmin	1 Thinkadmin	2024-08-04	7.5 High
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
CVE-2020-23653	1 Thinkadmin	1 Thinkadmin	2024-08-04	9.8 Critical
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
CVE-2023-48965	1 Thinkadmin	1 Thinkadmin	2024-08-02	8.8 High
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.
CVE-2023-48966	1 Thinkadmin	1 Thinkadmin	2024-08-02	8.8 High
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2023-34833	1 Thinkadmin	1 Thinkadmin	2024-08-02	6.1 Medium
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.

Page 1 of 1.