ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
https://github.com/zoujingli/ThinkAdmin/issues/244
http://packetstormsecurity.com/files/159177/ThinkAdmin-6-Arbitrary-File-Read.html