CVE-2020-23653 - An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/a

CVE-2020-23653

Summary

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

References

https://github.com/zoujingli/ThinkAdmin/issues/238

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

13-01-2021 - 18:37

Published

13-01-2021 - 18:15

Last modified

13-01-2021 - 18:37