CVE-2020-23653

Deserialization of Untrusted Data in packagist/zoujingli/thinkadmin

Identifiers

CVE-2020-23653

Package Slug

packagist/zoujingli/thinkadmin

Vulnerability

Deserialization of Untrusted Data

Description

An insecure unserialize vulnerability was discovered in ThinkAdm in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

Affected Versions

All versions starting from 4.0 up to 6.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-20

source