1Dreamgn

#15392 of 53,635
17.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2023-31019
8.8
2023-12-04
Unknown · Thinkadmin · CVE-2023-48965
**Name of the Vulnerable Software and Affected Versions**
ThinkAdmin version 6.1.53

**Description**
An issue in the `/admin/api.plugs/script` component allows attackers to get a shell by providing a crafted URL to download a malicious PHP file.

**Recommendations**
For ThinkAdmin version 6.1.53, as a temporary workaround, consider restricting access to the `/admin/api.plugs/script` component until a patch is available. Avoid using crafted URLs that could lead to downloading malicious PHP files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2023-31020
8.8
2023-12-04
Unknown · Thinkadmin · CVE-2023-48966
**Name of the Vulnerable Software and Affected Versions**
ThinkAdmin version 6.1.53

**Description**
An arbitrary file upload issue in the `/admin/api.upload/file` component allows attackers to execute arbitrary code via a crafted Zip file.

**Recommendations**
For ThinkAdmin version 6.1.53, consider disabling the `/admin/api.upload/file` component until a patch is available to prevent arbitrary file uploads and subsequent code execution. Restrict access to this component to minimize the risk of exploitation. Avoid using this component with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.