Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-25540

Published: 14/09/2020 Updated: 07/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Thinkadmin

Vulnerability Summary

ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

thinkadmin thinkadmin 6.0

Exploits

Exploit DB: ThinkAdmin 6 Arbitrary File Read
ThinkAdmin version 6 suffers from an arbitrary file read vulnerability ...

Github Repositories

https://github.com/Rajchowdhury420/ThinkAdmin-CVE-2020-25540

ThinkAdmin CVE-2020-25540 POC

ThinkAdmin-CVE-2020-25540 ThinkAdmin CVE-2020-25540 POC * Usage $ python3 exploitpy -t <IP> -c <command>

https://github.com/lowkey0808/cve-2020-22540

ThinkAdmin未授权列目录/任意文件读取 cve-2020-25540 使用方式 python3 cve-2020-25540py url

https://github.com/lowkey0808/cve-2020-25540

ThinkAdmin未授权列目录/任意文件读取 cve-2020-25540 使用方式 python3 cve-2020-25540py url

https://github.com/ChaoYangDongYongGuaiGe/CVE-2020-25540

ThinkAdmin CVE-2020-25540 poc

CVE-2020-25540 ThinkAdmin CVE-2020-25540 poc 由于目录穿越那个洞太鸡肋,就只写了文件读取功能,带哥们轻喷,多多指教,感激不尽。 逻辑参考php源码,关键是加密方式,看一看就懂了 use age: python3 pocpy -t <IP> -c <command>

https://github.com/Schira4396/CVE-2020-25540

ThinkAdmin CVE-2020-25540 poc

CVE-2020-25540 ThinkAdmin CVE-2020-25540 poc 由于目录穿越那个洞太鸡肋,就只写了文件读取功能,带哥们轻喷,多多指教,感激不尽。 逻辑参考php源码,关键是加密方式,看一看就懂了 use age: python3 pocpy -t <IP> -c <command>

References

CWE-22https://github.com/zoujingli/ThinkAdmin/issues/244https://wtfsec.org/posts/thinkadmin-v6-%E5%88%97%E7%9B%AE%E5%BD%95-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.htmlhttps://nvd.nist.govhttps://github.com/Rajchowdhury420/ThinkAdmin-CVE-2020-25540https://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook