Product
thinkadmin
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-10749
CVE-2023-48966
CVE-2023-48965
CVE-2023-34833
CVE-2020-35296
CVE-2020-23653
CVE-2020-29315
CVE-2020-25540
CVE-2019-11018
>= 6.0 and <= 6.1.67
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the fi
all versions
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute a
all versions
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL t
all versions
An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary cod
all versions
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
>= 4.0 and <= 6.0
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php
all versions
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
all versions
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote s
all versions
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credent