An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.Referenceshttps://note.youdao.com/s/3tge43wH