Critical severityNVD Advisory· Published Jan 13, 2021· Updated Aug 4, 2024
CVE-2020-23653
CVE-2020-23653
Description
An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zoujingli/thinkadminPackagist | >= 4.0, < 6.1.0 | 6.1.0 |
Affected products
2- ThinkAdmin/ThinkAdmindescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-4vp2-mj4m-69m4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-23653ghsaADVISORY
- github.com/zoujingli/ThinkAdmin/commit/640a61ae0772dcd5209d74dff8ad373e61e8ad8cghsaWEB
- github.com/zoujingli/ThinkAdmin/commit/6ccd4055fc40d2d7d154920a1859a7c19774bd1aghsaWEB
- github.com/zoujingli/ThinkAdmin/commit/b8a2ded90866a285e9022c842e546d8a6fa5fa6dghsaWEB
- github.com/zoujingli/ThinkAdmin/issues/238ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.