Vulnerabilities (CVE)

Filtered by vendor Thinkadmin Subscribe

Filtered by product Thinkadmin

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-48966	1 Thinkadmin	1 Thinkadmin	2023-12-07	N/A	8.8 HIGH
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2023-48965	1 Thinkadmin	1 Thinkadmin	2023-12-07	N/A	8.8 HIGH
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.
CVE-2020-35296	1 Thinkadmin	1 Thinkadmin	2023-12-07	5.0 MEDIUM	7.5 HIGH
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
CVE-2020-25540	1 Thinkadmin	1 Thinkadmin	2023-12-07	5.0 MEDIUM	7.5 HIGH
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.