108 matches found
CVE-2024-10749 ThinkAdmin Plugs.php script deserialization
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...
ThinkAdmin Code Issue Vulnerability
ThinkAdmin is an open-source, general-purpose backend management system based on the ThinkPHP framework. A code issue vulnerability exists in ThinkAdmin 6.1.67 and earlier versions, which stems from improper handling of the parameter uptoken, leading to deserialization...
VulnCheck KEV: CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
ThinkAdmin Code Execution Vulnerability
ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53, which originates from allowing arbitrary file uploads. An attacker can exploit the vulnerability to execute arbitrary code via a specially...
GHSA-7GQ9-P94F-G5V9 ThinkAdmin arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...
ThinkAdmin arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2023-48966
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2023-48966
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
CVE-2023-48966
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2023-48965
ThinkAdmin v6.1.53 contains an issue in the component /admin/api.plugs/script that allows an attacker to obtain a shell by requesting a crafted URL which downloads a malicious PHP file. Public sources in the connected records confirm the vulnerability is tied to ThinkAdmin v6.1.53, with the NVD e...
ThinkAdmin Security Vulnerability
ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53, which originates from allowing arbitrary file uploads. An attacker can exploit the vulnerability to execute arbitrary code via a specially...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
PT-2023-31020 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6.1.53 Description: An arbitrary file upload issue in the /admin/api.upload/file component allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For ThinkAdmin version 6.1.53, consider disablin...
ThinkAdmin Security Vulnerability
ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin version v6.1.53. An attacker can exploit this vulnerability to download malicious PHP files by providing a specially crafted URL to obtain a shell...
CVE-2023-48966
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2023-48966
CVE-2023-48966 affects ThinkAdmin v6.1.53. The vulnerability exists in the /admin/api.upload/file component, allowing arbitrary file uploads and remote code execution via a crafted ZIP file. Documented impact is high (CVSSv3.1 8.8, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Primary sources (NVD/CNVD/G...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...