CVE-2020-23653: ThinkAdmin insecure unserialize vulnerability
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
References
- github.com/advisories/GHSA-4vp2-mj4m-69m4
- github.com/zoujingli/ThinkAdmin
- github.com/zoujingli/ThinkAdmin/commit/640a61ae0772dcd5209d74dff8ad373e61e8ad8c
- github.com/zoujingli/ThinkAdmin/commit/6ccd4055fc40d2d7d154920a1859a7c19774bd1a
- github.com/zoujingli/ThinkAdmin/commit/b8a2ded90866a285e9022c842e546d8a6fa5fa6d
- github.com/zoujingli/ThinkAdmin/issues/238
- nvd.nist.gov/vuln/detail/CVE-2020-23653