108 matches found
CVE-2023-34833
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file...
Privilege escalation
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file...
ThinkAdmin code issue vulnerability
ThinkAdmin is a general-purpose backend management system based on the ThinkPHP framework. ThinkAdmin v6 has a security vulnerability that stems from an arbitrary file upload vulnerability in /api/upload.php; an attacker can use a constructed file to execu...
PT-2023-25019 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6 Description: An arbitrary file upload issue in the "api/upload.php" endpoint allows attackers to execute arbitrary code via a crafted file. Recommendations: For ThinkAdmin version 6, consider disabling the /api/upload.php...
CVE-2023-34833
CVE-2023-34833 describes an arbitrary file upload vulnerability in ThinkAdmin v6 at the /api/upload.php endpoint, enabling attackers to run arbitrary code via a crafted file. Affected product: ThinkAdmin v6; vulnerable component: /api/upload.php. Underlying issue: arbitrary file upload without pr...
GHSA-CXV7-6JGF-7GWF ThinkAdmin Admin Panel Access using Default Credentials
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...
ThinkAdmin Admin Panel Access using Default Credentials
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...
GHSA-4VP2-MJ4M-69M4 ThinkAdmin insecure unserialize vulnerability
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
ThinkAdmin insecure unserialize vulnerability
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
GHSA-2QM5-R82G-5HCX ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via a GET request encode parameter...
ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via a GET request encode parameter...
ThinkAdmin Administrator cookies still working after password change
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change...
GHSA-QV5J-RWQ3-M823 ThinkAdmin Administrator cookies still working after password change
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change...
Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin
Description: DOM-based XSS via URL hash fragment. Proof of Concept: First log in to https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see XSS is executed. Impact: DOM-based XSS via URL hash fragment...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description: Stored XSS via name. Proof of Concept: 1. First go to https://v6.thinkadmin.top/admin.html/admin/base.html?type=datea&spm=m-2-4-8 and edit a data entry and put the below XSS payload in the Data name field. xss"' Now see XSS is executed. VIDEO...
Unauthorized access vulnerability in ThinkAdmin (CNVD-2021-47694)
ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. ThinkAdmin has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...