An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.
{
"github_reviewed_at": "2023-12-08T21:57:51Z",
"nvd_published_at": "2023-12-04T16:15:11Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-434"
],
"severity": "HIGH"
}