Lucene search
MitreCVE-2023-26949HistoryMar 06, 2023 - 9:15 p.m.
CVE-2023-26949
2023-03-0621:15:11
CWE-434
mitre
web.nvd.nist.gov
26
cve-2023-26949
arbitrary file upload
onekeyadmin v1.3.9
security vulnerability
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.003
Percentile
65.2%
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.
Affected configurations
Node
onekeyadminonekeyadminMatch1.3.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| onekeyadmin | onekeyadmin | 1.3.9 | cpe:2.3:a:onekeyadmin:onekeyadmin:1.3.9:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2023-26949
2023-03-06 00:00:00
nvd
nvd
CVE-2023-26949
2023-03-06 21:15:11
prion
prion
Privilege escalation
2023-03-06 21:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.003
Percentile
65.2%
Related for CVE-2023-26949