📦 Onekeyadmin

Onekeyadmin v1.3.9 contains an arbitrary file deletion vulnerability in the plugins controller component. This allows authenticated attackers to delete any file on the server, potentially causing deni...

This vulnerability allows unauthenticated attackers to upload arbitrary PHP files to the onekeyadmin web application through the /admin1/config/update endpoint. Successful exploitation leads to remote...

CVE-2023-26956 is an arbitrary file read vulnerability in onekeyadmin v1.3.9 that allows attackers to read sensitive files on the server via the /admin1/curd/code component. This affects all systems r...