onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.
7.5CVSS
7.5AI Score
0.002EPSS
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.
9.8CVSS
9.5AI Score
0.003EPSS
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.
5.4CVSS
5.3AI Score
0.001EPSS
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
5.4CVSS
5.3AI Score
0.001EPSS
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.
5.4CVSS
5.3AI Score
0.001EPSS
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.
4.8CVSS
5AI Score
0.001EPSS
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.
7.5CVSS
7.5AI Score
0.002EPSS
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.
9.1CVSS
9.2AI Score
0.001EPSS