Thinkadmin: >> Thinkadmin >> 4.0 Security Vulnerabilities
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
CVSS Score
9.8
EPSS Score
0.127
Published
2021-01-13
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-04-08