CVE-2023-48965

Name of the Vulnerable Software and Affected Versions ThinkAdmin version 6.1.53

Description An issue in the component /admin/api.plugs/script allows attackers to getshell via providing a crafted URL to download a malicious PHP file.

Recommendations For ThinkAdmin version 6.1.53, as a temporary workaround, consider restricting access to the /admin/api.plugs/script component until a patch is available. Avoid using crafted URLs that could lead to downloading malicious PHP files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.