RSS   Podatności dla 'Thinkadmin'   RSS

2021-03-03
 
CVE-2020-35296

CWE-798
 

 
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.

 
2021-01-13
 
CVE-2020-23653

CWE-502
 

 
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

 
2020-12-01
 
CVE-2020-29315

CWE-79
 

 
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.

 
2020-09-14
 
CVE-2020-25540

CWE-22
 

 
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.

 
2019-04-08
 
CVE-2019-11018

CWE-255
 

 
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.

 


Copyright 2024, cxsecurity.com

 

Back to Top