keheying/onekeyadmin
GitHub
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 5.4 MEDIUM | — | ||
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. | |||
| 9.1 CRITICAL | — | ||
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | |||
| 7.5 HIGH | — | ||
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. | |||
| 7.5 HIGH | — | ||
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. | |||
| 5.4 MEDIUM | — | ||
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. | |||
| 5.4 MEDIUM | — | ||
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. | |||
| 4.8 MEDIUM | — | ||
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. | |||
| 5.4 MEDIUM | — | ||
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. | |||
| 5.4 MEDIUM | — | ||
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. | |||
| 9.8 CRITICAL | — | ||
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | |||