CVE-2020-23653

Name of the Vulnerable Software and Affected Versions ThinkAdmin versions 4.x through 6.x

Description An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php" and "app/wechat/controller/api/Push.php".

Recommendations For ThinkAdmin versions 4.x through 6.x, consider disabling access to the Update.php and Push.php files in the app/admin/controller/api and app/wechat/controller/api directories, respectively, until a patch is available. Restricting access to these files can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.