Onekeyadmin

onekeyadmin

8 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-26951 1Onekeyadmin 1Onekeyadmin Nov 21, 2024 Mar 16, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
CVE-2023-26957 1Onekeyadmin 1Onekeyadmin Mar 5, 2025 Mar 9, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.
CVE-2023-26948 1Onekeyadmin 1Onekeyadmin Feb 28, 2025 Mar 9, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.
CVE-2023-26956 1Onekeyadmin 1Onekeyadmin Mar 5, 2025 Mar 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.
CVE-2023-26952 1Onekeyadmin 1Onekeyadmin Mar 3, 2025 Mar 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.
CVE-2023-26950 1Onekeyadmin 1Onekeyadmin Mar 5, 2025 Mar 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.
CVE-2023-26953 1Onekeyadmin 1Onekeyadmin Mar 4, 2025 Mar 7, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.
CVE-2023-26949 1Onekeyadmin 1Onekeyadmin Nov 21, 2024 Mar 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.