108 matches found

OSV
added 2021/05/06 6:53 p.m. · 19 views

GHSA-V47F-VP3P-5J6H Cross-site scripting in ThinkAdmin

ThinkAdmin version v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...

CVSS 5.4 · AI score 5.3 · EPSS 0.00201
Exploits 1 · References 4
GitHub Security Blog
added 2021/05/06 6:53 p.m. · 62 views

Cross-site scripting in ThinkAdmin

ThinkAdmin version v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...

CVSS 5.4 · AI score 5.3 · EPSS 0.00201
Exploits 1 · References 4 · Affected Software 1
NVD
added 2021/03/03 4:15 p.m. · 11 views

CVE-2020-35296

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...

CVSS 7.5 · EPSS 0.01102
Exploits 1 · References 3
OSV
added 2021/03/03 4:15 p.m. · 3 views

CVE-2020-35296

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...

CVSS 7.5 · AI score 5.8 · EPSS 0.01102
Exploits 1 · References 3
Prion
added 2021/03/03 4:15 p.m. · 14 views

Design/Logic Flaw

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...

CVSS 5 · AI score 7.7 · EPSS 0.01102
Exploits 1 · References 3 · Affected Software 1
CVE
added 2021/03/03 3:4 p.m. · 42 views

CVE-2020-35296

ThinkAdmin v6 contains default administrator credentials that enable attackers to gain unrestricted access to the administrator dashboard. The CVE entry notes unrestricted admin access as the impact. Public references corroborate default-credential risk, but exploit details are not provided in th...

CVSS 7.5 · AI score 7.6 · EPSS 0.01102
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2021/03/03 3:4 p.m. · 12 views

CVE-2020-35296

ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access...

AI score 7.7 · EPSS 0.01102
Exploits 1 · References 3
Positive Technologies
added 2021/03/03 12:0 a.m. · 4 views

PT-2021-11745 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6 Description: The issue concerns default administrator credentials in ThinkAdmin, allowing attackers to gain unrestricted access to the administrator dashboard. Recommendations: For ThinkAdmin version 6, change the default...

CVSS 7.5 · AI score 7.5 · EPSS 0.01102
Exploits 1 · References 7
CNNVD
added 2021/03/03 12:0 a.m. · 3 views

ThinkAdmin Trust Management Issue Vulnerability

ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. A security vulnerability exists in ThinkAdmin v6 that stems from having default administrator credentials, which allows an attacker to exploit the vulnerability to gain unrestricted access to the...

CVSS 7.5 · AI score 7.4 · EPSS 0.01102
Exploits 1 · References 3
NVD
added 2021/01/13 6:15 p.m. · 12 views

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVSS 9.8 · AI score 9.8 · EPSS 0.11196
Exploits 1 · References 1
OSV
added 2021/01/13 6:15 p.m. · 3 views

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVSS 9.8 · AI score 7.7
Exploits 0 · References 1
Prion
added 2021/01/13 6:15 p.m. · 24 views

Remote code execution

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

CVSS 7.5 · AI score 9.7 · EPSS 0.11196
Exploits 1 · References 1 · Affected Software 1
CVE
added 2021/01/13 5:47 p.m. · 56 views

CVE-2020-23653

CVE-2020-23653: ThinkAdmin versions 4.x–6.x contain an insecure unserialize vulnerability in two files, app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. The Red Hat and GHSA entries concur on the vulnerable components ...

CVSS 9.8 · AI score 9.7 · EPSS 0.11196
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/01/13 5:47 p.m. · 10 views

CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution...

AI score 9.8 · EPSS 0.11196
Exploits 1 · References 1
CNNVD
added 2021/01/13 12:0 a.m. · 2 views

ThinkAdmin Code Issues Vulnerabilities

ThinkAdmin is a general purpose backend management system based on the ThinkPHP framework. ThinkAdmin version 4 has a security vulnerability that stems from insecure deserialization; an attacker can use the vulnerability to remotely execute arbitrary code...

CVSS 9.8 · AI score 7.7 · EPSS 0.11196
Exploits 1 · References 2
Positive Technologies
added 2021/01/13 12:0 a.m. · 3 views

PT-2021-10922 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions 4.x through 6.x Description: An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php...

CVSS 9.8 · AI score 9.6 · EPSS 0.11196
Exploits 1 · References 8
CNVD
added 2020/12/02 12:0 a.m. · 15 views

ThinkAdmin Cross-Site Scripting Vulnerability

ThinkAdmin is a backend administration framework based on the latest ThinkPHP V6, open-sourced under the MIT license. A stored cross-site scripting vulnerability exists in ThinkAdmin v1, v6. A remote attacker can use the vulnerability to inject arbitrary Web script or HTML...

CVSS 5.4 · AI score 0.8 · EPSS 0.00201
Exploits 1 · References 1
OSV
added 2020/12/01 5:15 p.m. · 0 views

CVE-2020-29315

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 1
NVD
added 2020/12/01 5:15 p.m. · 14 views

CVE-2020-29315

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...

CVSS 5.4 · AI score 5.3 · EPSS 0.00201
Exploits 1 · References 1
Prion
added 2020/12/01 5:15 p.m. · 23 views

Cross site scripting

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...

CVSS 4.3 · AI score 5.3 · EPSS 0.00201
Exploits 1 · References 1 · Affected Software 1