Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35296 | 1 Ctolog | 1 Thinkadmin | 2021-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | |||||
| CVE-2020-23653 | 1 Ctolog | 1 Thinkadmin | 2021-01-19 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | |||||
| CVE-2020-29315 | 1 Ctolog | 1 Thinkadmin | 2020-12-02 | 4.3 MEDIUM | 5.4 MEDIUM |
| ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. | |||||
| CVE-2020-25540 | 1 Ctolog | 1 Thinkadmin | 2020-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. | |||||
| CVE-2019-11018 | 1 Ctolog | 1 Thinkadmin | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change. | |||||