CVE-2020-23653: ThinkAdmin insecure unserialize vulnerability

May 24, 2022 (updated May 15, 2025)

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

References

  • github.com/advisories/GHSA-4vp2-mj4m-69m4
  • github.com/zoujingli/ThinkAdmin
  • github.com/zoujingli/ThinkAdmin/commit/640a61ae0772dcd5209d74dff8ad373e61e8ad8c
  • github.com/zoujingli/ThinkAdmin/commit/6ccd4055fc40d2d7d154920a1859a7c19774bd1a
  • github.com/zoujingli/ThinkAdmin/commit/b8a2ded90866a285e9022c842e546d8a6fa5fa6d
  • github.com/zoujingli/ThinkAdmin/issues/238
  • nvd.nist.gov/vuln/detail/CVE-2020-23653

Affected versions

All versions starting from 4.0 before 6.1.0

Fixed versions

  • 6.1.0

Solution

Upgrade to version 6.1.0 or above.

Impact: 9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

  • CWE-502: Deserialization of Untrusted Data

Source file

packagist/zoujingli/thinkadmin/CVE-2020-23653.yml