zoujingli/thinkadmin
Packagist | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting zoujingli/thinkadmin
- CVE-2019-11018 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-04-08
  vulnerable: 4.0
  application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.
- CVE-2020-23653 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 6.1.0 | 2021-01-13
  An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
- CVE-2020-25540 | HIGH | CVSS 7.5 | EG 7.5 | 2020-09-14
  vulnerable: 6.0
  ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the encode parameter of a GET request.
- CVE-2020-29315 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 6.0.22 | 2020-12-01
  ThinkAdmin versions v1 through v6 have a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML.
- CVE-2020-35296 | HIGH | CVSS 7.5 | EG 7.5 | 2021-03-03
  vulnerable: 6.0
  ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administrator dashboard access.
- CVE-2023-48966 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-04
  vulnerable: v6.1.0 ... v6.1.7 (7 versions)
  An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.