107 matches found
CVE-2023-34833
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file...
Privilege escalation
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file...
PT-2023-25019 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6 Description: An arbitrary file upload issue in the "api/upload.php" endpoint allows attackers to execute arbitrary code via a crafted file. Recommendations: For ThinkAdmin version 6, consider disabling the /api/upload.php...
ThinkAdmin code issue vulnerability
ThinkAdmin is a general-purpose backend management system based on the ThinkPHP framework. ThinkAdmin v6 has a security vulnerability that stems from an arbitrary file upload flaw in /api/upload.php; an attacker can use a crafted file to execu...
CVE-2023-34833
CVE-2023-34833 describes an arbitrary file upload vulnerability in ThinkAdmin v6 at the /api/upload.php endpoint, enabling attackers to run arbitrary code via a crafted file. Affected product: ThinkAdmin v6; vulnerable component: /api/upload.php. Underlying issue: arbitrary file upload without pr...
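The entries above all describe the same defect class: an upload endpoint that lets the client pick the filename or extension and lands the file somewhere the web server will execute it. The handler below is an added example written for this page, not ThinkAdmin's /api/upload.php; the storage directory, the allowed-type table and the function name are assumptions. It shows the checks an upload endpoint needs: an extension allowlist applied to every segment of the name, a content-sniffed MIME type that must agree with the extension, a server-generated filename, and a destination outside the web root with no execute bit.

```php
<?php
// Added illustration, not ThinkAdmin code: a hardened upload handler for a
// PHP endpoint. UPLOAD_DIR, ALLOWED and handleUpload() are assumed names.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads';          // assumed: outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;
const ALLOWED    = [                            // extension => MIME type the bytes must have
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored filename, or throws on any policy violation.
 */
function handleUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Look at every dot-separated segment, so shell.php.png is rejected too.
    $parts = explode('.', strtolower(basename($file['name'])));
    if (count($parts) < 2) {
        throw new RuntimeException('missing extension');
    }
    $ext = array_pop($parts);
    foreach ($parts as $segment) {
        if (preg_match('/^(php\d*|phtml|phar|htaccess)$/', $segment)) {
            throw new RuntimeException('disallowed extension segment');
        }
    }
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Trust the bytes, not the client-supplied Content-Type header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // The client never chooses the path or filename.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!is_uploaded_file($file['tmp_name']) || !move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);                         // readable, never executable
    return $stored;
}

// Usage inside an authenticated request handler (assumed field name 'file'):
// echo json_encode(['file' => handleUpload($_FILES['file'])]);
```

Even with these checks, the endpoint must still sit behind authentication; an upload that is merely well-formed is not a reason to accept it from an anonymous caller.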
GHSA-CXV7-6JGF-7GWF ThinkAdmin Admin Panel Access using Default Credentials
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...
GHSA-4VP2-MJ4M-69M4 ThinkAdmin insecure unserialize vulnerability
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...
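Calling unserialize() on request-controlled data lets the caller instantiate any loaded class with attacker-chosen properties, and magic methods such as __wakeup() and __destruct() then run on the server: that is the root of the advisory above. The block below is an added example for this page, not code from ThinkAdmin's Update.php or Push.php; the TempFile class, the payload and the key are constructed. It shows the unsafe call, the allowed_classes mitigation, and the preferred replacement of serialized objects with authenticated JSON.

```php
<?php
// Added illustration, not ThinkAdmin code. Requires PHP 8 for constructor
// promotion. TempFile, loadState*() and the key are assumptions.
declare(strict_types=1);

// Any class with a magic method is a gadget: a payload naming it gets this
// method executed during deserialization or garbage collection.
class TempFile
{
    public function __construct(public string $path) {}
    public function __destruct() { @unlink($this->path); }
}

// Vulnerable pattern: the attacker controls the whole object graph.
function loadStateUnsafe(string $raw): mixed
{
    return unserialize($raw);
}

// Mitigation 1: forbid object instantiation. Objects in the payload become
// __PHP_Incomplete_Class placeholders and no magic method runs.
function loadStateNoObjects(string $raw): mixed
{
    return unserialize($raw, ['allowed_classes' => false]);
}

// Mitigation 2 (preferred): never deserialize PHP objects from the network.
// Carry plain data as JSON and authenticate it so only the server can mint it.
function encodeState(array $state, string $key): string
{
    $json = json_encode($state, JSON_THROW_ON_ERROR);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, $key);
}

function decodeState(string $token, string $key): array
{
    [$b64, $mac] = explode('.', $token, 2) + [null, null];
    $json = base64_decode((string) $b64, true);
    if ($json === false || !hash_equals(hash_hmac('sha256', $json, $key), (string) $mac)) {
        throw new RuntimeException('state token rejected');
    }
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed attacker payload: a TempFile whose destructor would delete a file.
$payload = 'O:8:"TempFile":1:{s:4:"path";s:16:"/tmp/victim-file";}';

// With allowed_classes=false the result is an incomplete-class placeholder,
// so the destructor is never attached to the attacker's path.
$obj = loadStateNoObjects($payload);
var_dump($obj instanceof __PHP_Incomplete_Class);

$key   = 'server-secret-key';   // assumed; keep it out of source in practice
$token = encodeState(['user' => 42], $key);
var_dump(decodeState($token, $key));
```

allowed_classes only removes the instantiation step; nested arrays and scalars still come from the attacker, so the JSON-plus-HMAC path is the one to reach for when the data originates outside the server.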
GHSA-2QM5-R82G-5HCX ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the encode parameter of a GET request...
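The usual fix for the class of bug above is to canonicalise the requested path and then prove it still lies under the intended directory, rather than trying to filter out "../" sequences or encodings of them. The function below is an added example for this page, not ThinkAdmin's code; PUBLIC_DIR, safeResolve() and the query parameter name are assumptions. Whatever decoding the endpoint applies to its parameter should happen before this check, since the check operates on the final filesystem path.

```php
<?php
// Added illustration, not ThinkAdmin code: serve a file named by a request
// parameter without letting the caller escape the base directory.
declare(strict_types=1);

const PUBLIC_DIR = '/var/app/public/files';   // assumed base directory

/**
 * Resolve $name under PUBLIC_DIR, or return null if it escapes it.
 * realpath() yields the canonical path, so "../" and symlinks are both covered.
 */
function safeResolve(string $name): ?string
{
    $base = realpath(PUBLIC_DIR);
    if ($base === false) {
        return null;
    }
    // Reject NUL bytes up front: path functions throw on them in PHP 8.
    if (str_contains($name, "\0")) {
        return null;
    }
    $real = realpath($base . '/' . $name);
    if ($real === false || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return null;                           // outside PUBLIC_DIR, or is PUBLIC_DIR itself
    }
    return is_file($real) ? $real : null;
}

function serveFile(string $name): void
{
    $path = safeResolve($name);
    if ($path === null) {
        http_response_code(404);               // same answer for missing and forbidden
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
}

// Usage: the untrusted value comes straight from the query string (assumed parameter name).
// A request for '../../etc/passwd' canonicalises to a path outside PUBLIC_DIR and is refused.
// serveFile($_GET['file'] ?? '');
```

Returning 404 for both "absent" and "outside the base directory" avoids giving a probing client a distinguishing signal.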
GHSA-QV5J-RWQ3-M823 ThinkAdmin Administrator cookies still working after password change
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change...
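The entry above is a session-lifecycle bug: the cookie remained a valid credential after the password it was derived from changed. One general fix is to record a credential generation with each session and bump it on every password change, so that every previously issued cookie stops resolving. The code below is an added example written for this page, not ThinkAdmin's User.php; the in-memory user table, the cred_version field, the function names and the signing key are constructed.

```php
<?php
// Added illustration, not ThinkAdmin code: bind each session to the user's
// credential generation so a password change retires outstanding cookies.
declare(strict_types=1);

// Constructed in-memory store standing in for a users table.
$users = [
    42 => ['password_hash' => password_hash('old-password', PASSWORD_DEFAULT), 'cred_version' => 1],
];

/** Issue a signed session token carrying the user id and current credential version. */
function issueSession(array $users, int $uid, string $key): string
{
    $body = json_encode(['uid' => $uid, 'v' => $users[$uid]['cred_version'], 'iat' => time()]);
    return base64_encode($body) . '.' . hash_hmac('sha256', $body, $key);
}

/** Return the user id for a valid token, or null if it is forged or retired. */
function resolveSession(array $users, string $token, string $key): ?int
{
    [$b64, $mac] = explode('.', $token, 2) + [null, null];
    $body = base64_decode((string) $b64, true);
    if ($body === false || !hash_equals(hash_hmac('sha256', $body, $key), (string) $mac)) {
        return null;
    }
    $claims = json_decode($body, true);
    $uid    = $claims['uid'] ?? null;
    if (!isset($users[$uid]) || $users[$uid]['cred_version'] !== ($claims['v'] ?? null)) {
        return null;   // generation mismatch: the password changed after this cookie was issued
    }
    return $uid;
}

/** A password change bumps the generation, which invalidates every live session. */
function changePassword(array &$users, int $uid, string $new): void
{
    $users[$uid]['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$uid]['cred_version']++;
}

$key    = 'server-side-secret';   // assumed; keep it out of source in practice
$cookie = issueSession($users, 42, $key);
var_dump(resolveSession($users, $cookie, $key));   // resolves while the password is unchanged
changePassword($users, 42, 'new-password');
var_dump(resolveSession($users, $cookie, $key));   // the old cookie no longer authenticates
```

With server-side sessions the same effect is obtained by deleting the user's session rows on password change; the version check is for stateless cookies, where there is nothing to delete.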
Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin
Description: DOM based XSS via URL hash fragment. Proof of Concept: First log in to https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see that the XSS is executed. Impact: DOM based XSS via URL hash fragment...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description: Stored XSS via name. Proof of Concept: 1. First go to https://v6.thinkadmin.top/admin.html/admin/base.html?type=datea&spm=m-2-4-8, edit a data entry and put the XSS payload below in the Data name field: xss"' Now see that the XSS is executed. VIDEO...
Unauthorized access vulnerability in ThinkAdmin (CNVD-2021-47694)
ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. ThinkAdmin has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
GHSA-V47F-VP3P-5J6H Cross-site scripting in ThinkAdmin
ThinkAdmin version v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...