Vulnerabilities > Onethink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-04 | CVE-2018-16449 | Cross-Site Request Forgery (CSRF) vulnerability in Onethink 1.1.141212 OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | 6.5 |
| 2018-08-08 | CVE-2018-15198 | Cross-Site Request Forgery (CSRF) vulnerability in Onethink 1.1 An issue was discovered in OneThink v1.1. | 8.8 |
| 2018-08-08 | CVE-2018-15197 | Cross-Site Request Forgery (CSRF) vulnerability in Onethink 1.1 An issue was discovered in OneThink v1.1. | 8.8 |
| 2018-04-10 | CVE-2017-14323 | Server-Side Request Forgery (SSRF) vulnerability in Onethink 1.0/1.1 SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | 9.8 |