CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-48966

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.0%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/1dreamGN/CVE/blob/main/ThinkAdmin%20directory%20traversal%2Bfile%20upload%20getshell.md
https://github.com/1dreamGN/CVE/blob/main/ThinkAdmin%20directory%20traversal%2Bfile%20upload%20getshell.md

Products affected by CVE-2023-48966

Thinkadmin » Thinkadmin » Version: 6.1.53

cpe:2.3:a:thinkadmin:thinkadmin:6.1.53

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-48966

Products

Pricing

Contact Us