Skip to main content

Thinkadmin

7 CVEs product

Monthly

CVE-2024-10749 LOW Monitor

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Thinkadmin
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.5%
CVE-2023-48966 PHP HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Thinkadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-48965 HIGH POC This Week

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Thinkadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34833 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Thinkadmin
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-29315 PHP MEDIUM POC PATCH This Month

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thinkadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-25540 PHP HIGH POC THREAT This Week

ThinkAdmin v6 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Thinkadmin
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
75.9%
CVE-2019-11018 PHP CRITICAL POC Act Now

application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Thinkadmin
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
EPSS 1% CVSS 2.3
LOW Monitor

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Thinkadmin
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Thinkadmin
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Thinkadmin
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thinkadmin
NVD GitHub
EPSS 76% CVSS 7.5
HIGH POC THREAT This Week

ThinkAdmin v6 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Thinkadmin
NVD GitHub Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Thinkadmin
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy