87 matches found
CVE-2023-26951
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module...
CVE-2023-26951
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module...
OneKeyAdmin Cross-Site Scripting Vulnerability
OneKeyAdmin is a plug-in management system based on Thinkphp6+Element: website, applets, malls, CMS, APP, ERP, API interface, one system to get it all done, out of the box without scaffolding! A security vulnerability exists in OneKeyAdmin v1.3.9, which stems from a stored cross-site scripting XS...
CVE-2023-26951
OneKeyAdmin v1.3.9 contains a stored cross-site scripting (XSS) vulnerability in the Member List module. The CVE entry CVE-2023-26951 is supported by multiple connected sources (e.g., NVD, Red Hat, CNNVD, etc.). The public records consistently cite a stored XSS issue affecting OneKeyAdmi...
CVE-2023-26951
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module...
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
Arbitrary file deletion
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
CVE-2023-26948
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download...
CVE-2023-26948
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download...
Design/Logic Flaw
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download...
CVE-2023-26948
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download...
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
CVE-2023-26948
The CVE-2023-26948 entry affects onekeyadmin v1.3.9, with a disclosed arbitrary file read vulnerability exposed via the /admin1/file/download endpoint. Root cause and impact: Confidentiality impact is HIGH; other impacts are NONE. The CVSS v3.1 score is 7.5 (NETWORK attack vector, LOW attack comp...
CVE-2023-26957
CVE-2023-26957 affects onekeyadmin v1.3.9. The vulnerability exists in the component admin\controller\plugins and allows an arbitrary file deletion. The CVSS data indicates a network-based, unauthenticated, high-severity impact with integrity and availability both affected. No explicit remediati...
CVE-2023-26948
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download...
OneKeyAdmin Security Vulnerability
OneKeyAdmin is a plug-in management system based on Thinkphp6+Element: website, applets, malls, CMS, APP, ERP, API interface, one system to get it all done, out of the box with no scaffolding! A security vulnerability exists in OneKeyAdmin v1.3.9; the vulnerability stems from the existence of...
PT-2023-20865 · Unknown · Onekeyadmin
Name of the Vulnerable Software and Affected Versions: onekeyadmin version 1.3.9 Description: The issue is related to an arbitrary file read vulnerability. This vulnerability can be exploited via the /admin1/file/download API endpoint. Recommendations: For onekeyadmin version 1.3.9, consider...
CVE-2023-26956
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code...
CVE-2023-26952
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module...