onefilecms.php in OneFileCMS through 2017-10-08 might allow malicious users to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
onefilecms onefilecms |