Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ThinkAdmin Plugs.php script deserialization
Vulnerability Description
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
ThinkAdmin 代码问题漏洞
Vulnerability Description
ThinkAdmin是ThinkAdmin开源的一套基于ThinkPHP框架的通用后台管理系统。 ThinkAdmin 6.1.67及之前版本存在代码问题漏洞,该漏洞源于对参数uptoken的处理不当,导致反序列化。
CVSS Information
N/A
Vulnerability Type
N/A