107 matches found
ThinkAdmin 6 - Local File Inclusion
ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. id: CVE-2020-25540 info: name: ThinkAdmin 6 - Local File Inclusion author: geeknik severity: high description:...
EUVD-2021-1196
Malware in sbrugna...
EUVD-2024-33280
Malicious code in bioql PyPI...
EUVD-2023-3145
Malicious code in bioql PyPI...
EUVD-2022-5029
Malicious code in bioql PyPI...
EUVD-2023-52992
Malicious code in bioql PyPI...
EUVD-2023-38874
Malicious code in bioql PyPI...
CVE-2024-10749
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
CVE-2023-34833
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-23653
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
CVE-2020-35296
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access...
CVE-2020-29315
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter...
CVE-2019-11018
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change...
CVE-2024-10749
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...
CVE-2024-10749
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...
CVE-2024-10749 ThinkAdmin Plugs.php script deserialization
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...
CVE-2024-10749
ThinkAdmin (up to version 6.1.67) contains a deserialization vulnerability in /app/admin/controller/api/Plugs.php, caused by manipulating the uptoken argument. This enables remote exploitation and is described as a critical issue; exploitability is noted as difficult, but the attack is possible r...
CVE-2024-10749 ThinkAdmin Plugs.php script deserialization
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...