Vulnerabilities (CVE)

Filtered by vendor Onekeyadmin Subscribe
Filtered by product Onekeyadmin
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26957 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 9.1 CRITICAL
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.
CVE-2023-26956 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 7.5 HIGH
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.
CVE-2023-26953 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 4.8 MEDIUM
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.
CVE-2023-26952 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 5.4 MEDIUM
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.
CVE-2023-26951 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 5.4 MEDIUM
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
CVE-2023-26950 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 5.4 MEDIUM
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.
CVE-2023-26949 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2023-26948 1 Onekeyadmin 1 Onekeyadmin 2024-11-21 N/A 7.5 HIGH
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.