CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-23653

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.127

EPSS Ranking 93.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/zoujingli/ThinkAdmin/issues/238
https://github.com/zoujingli/ThinkAdmin/issues/238

Products affected by CVE-2020-23653

Thinkadmin » Thinkadmin » Version: 4.0

cpe:2.3:a:thinkadmin:thinkadmin:4.0
Thinkadmin » Thinkadmin » Version: 5.0

cpe:2.3:a:thinkadmin:thinkadmin:5.0
Thinkadmin » Thinkadmin » Version: 6.0

cpe:2.3:a:thinkadmin:thinkadmin:6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-23653

Products

Pricing

Contact Us