CVE-2023-34833: Unrestricted Upload of File with Dangerous Type

June 15, 2023 (updated December 7, 2023)

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.

References

note.youdao.com/s/3tge43wH
nvd.nist.gov/vuln/detail/CVE-2023-34833

Code Behaviors & Features

Detect and mitigate CVE-2023-34833 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →