onekeyadmin CVE 脆弱性と CVE 一覧（8）

製品（CPE）: — CVE 件数: 8

onekeyadmin 脆弱性概要

onekeyadmin 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk cross-site scripting and パス処理の欠陥などに関し、一部はファイル上書きを招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2023-26951	onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.	[email protected]	5.4	0.21%	2023-03-16	2024-11-21
CVE-2023-26957	onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.	[email protected]	9.1	0.23%	2023-03-09	2025-03-05
CVE-2023-26948	onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.	[email protected]	7.5	0.34%	2023-03-09	2025-02-28
CVE-2023-26956	onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.	[email protected]	7.5	0.34%	2023-03-08	2025-03-05
CVE-2023-26952	onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.	[email protected]	5.4	0.20%	2023-03-08	2025-03-03
CVE-2023-26950	onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.	[email protected]	5.4	0.20%	2023-03-08	2025-03-05
CVE-2023-26953	onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.	[email protected]	4.8	0.24%	2023-03-07	2025-03-04
CVE-2023-26949	An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.	[email protected]	9.8	0.76%	2023-03-06	2024-11-21

cvelogic Threat Intelligence