GHSA-4vp2-mj4m-69m4

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

ThinkAdmin insecure unserialize vulnerability

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

Ссылки

Пакеты

Наименование

zoujingli/thinkadmin

composer

Затронутые версииВерсия исправления

>= 4.0, < 6.1.0

6.1.0

EPSS

Процентиль: 93%

0.11196

Средний

9.8 Critical

CVSS3

CVE ID

CVE-2020-23653

Дефекты

CWE-502

Связанные уязвимости

CVE-2020-23653

CVSS3: 9.8

nvd

около 5 лет назад

An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.

EPSS

Процентиль: 93%

0.11196

Средний

9.8 Critical

CVSS3

CVE ID

CVE-2020-23653

Дефекты

CWE-502