Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ctolog Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35296 1 Ctolog 1 Thinkadmin 2021-03-09 5.0 MEDIUM 7.5 HIGH
ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
CVE-2020-23653 1 Ctolog 1 Thinkadmin 2021-01-19 7.5 HIGH 9.8 CRITICAL
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
CVE-2020-29315 1 Ctolog 1 Thinkadmin 2020-12-02 4.3 MEDIUM 5.4 MEDIUM
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
CVE-2020-25540 1 Ctolog 1 Thinkadmin 2020-09-17 5.0 MEDIUM 7.5 HIGH
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
CVE-2019-11018 1 Ctolog 1 Thinkadmin 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.