CVE-2023-48966

Name of the Vulnerable Software and Affected Versions ThinkAdmin version 6.1.53

Description An arbitrary file upload issue in the /admin/api.upload/file component allows attackers to execute arbitrary code via a crafted Zip file.

Recommendations For ThinkAdmin version 6.1.53, consider disabling the /admin/api.upload/file component until a patch is available to prevent arbitrary file uploads and subsequent code execution. Restrict access to this component to minimize the risk of exploitation. Avoid using this component with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.