ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard...
7.5CVSS
7.6AI Score
0.002EPSS
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip...
8.8CVSS
8.8AI Score
0.001EPSS
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code...
9.8CVSS
9.7AI Score
0.012EPSS
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode...
7.5CVSS
7.3AI Score
0.961EPSS
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP...
8.8CVSS
8.4AI Score
0.001EPSS
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or...
5.4CVSS
5.2AI Score
0.001EPSS
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted...
6.1CVSS
6.6AI Score
0.001EPSS
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password...
9.8CVSS
9.5AI Score
0.004EPSS