Skip to main content

Onethink

5 CVEs product

Monthly

CVE-2024-33443 HIGH POC This Week

An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Onethink
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-33444 CRITICAL POC Act Now

SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Onethink
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2018-16449 MEDIUM POC This Month

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-15198 HIGH POC This Week

An issue was discovered in OneThink v1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15197 HIGH POC This Week

An issue was discovered in OneThink v1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
EPSS 1% CVSS 7.1
HIGH POC This Week

An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Onethink
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in OneThink v1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in OneThink v1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy