Onethink

onethink

Vendor: Onethink • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-33443 1Onethink 1Onethink Apr 16, 2025 Apr 29, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.
CVE-2024-33444 1Onethink 1Onethink Apr 16, 2025 Apr 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component.
CVE-2018-16449 1Onethink 1Onethink Nov 21, 2024 Sep 4, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html.
CVE-2018-15198 1Onethink 1Onethink Nov 21, 2024 Aug 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.
CVE-2018-15197 1Onethink 1Onethink Nov 21, 2024 Aug 8, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.
CVE-2017-14323 1Onethink 1Onethink Nov 21, 2024 Apr 10, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution v...Show more SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.Show less