41 matches found
EUVD-2024-53534
Malicious code in bioql PyPI...
CVE-2024-57161
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html...
CVE-2024-57611
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId...
CVE-2024-57160
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html...
CVE-2024-57160
07FLYCMS v1.3.9 is associated with CVE-2024-57160 due to a Cross‑Site Request Forgery (CSRF) via the endpoint /erp.07fly.net:80/oa/OaTask/edit.html. The connected sources corroborate a CSRF issue affecting this specific version; no exploitable details or active exploit status are provided in the ...
CVE-2024-57611
CVE-2024-57611 affects 07FLYCMS V1.3.9 and is associated with a Cross-Site Request Forgery (CSRF) vulnerability reachable via admin/doAdminAction.php?act=editShop&shopId. The connected sources corroborate a CSRF issue in this version, but there is no public detail in the provided documents about ...
CVE-2024-57159
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html...
CVE-2024-51156
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'...
CVE-2023-26951
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module...
CVE-2023-26951
OneKeyAdmin v1.3.9 contains a stored cross-site scripting (XSS) vulnerability in the Member List module. The CVE entry CVE-2023-26951 is supported by multiple connected sources (e.g., NVD, Red Hat, CNNVD, Red Hat, etc.). The public records consistently cite a stored XSS issue affecting OneKeyAdmi...
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
Arbitrary file deletion
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
Design/Logic Flaw
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download...
CVE-2023-26957
CVE-2023-26957 affects onekeyadmin v1.3.9. The vulnerability exists in the component admin\controller\plugins and allows an arbitrary file deletion. The CVSS data indicates a network-based, unauthenticated, high-severity impact with integrity and availability both affected. No explicit remediati...
CVE-2023-26956
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code...
CVE-2023-26952
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module...