Every CVE whose affected-product data names Onethink, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2017-14323 — CVSS 9.8 (critical): SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive…
CVE-2024-33444 — CVSS 9.8 (critical): SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the…
CVE-2018-15197 — CVSS 8.8 (high): An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow…
CVE-2018-15198 — CVSS 8.8 (high): An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.
CVE-2024-33443 — CVSS 7.1 (high): An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php…
CVE-2018-16449 — CVSS 6.5 (medium): OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html…