ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access.
https://smshrimant.com/admin-panel-access-using-default-credentials/
https://github.com/zoujingli/ThinkAdmin
https://github.com/Shrimant12/CVE-References/blob/main/CVE-2020-35296.md