OneFileCMS 3.6.13 allows remote malicious users to modify onefilecms.php by clicking the Copy button twice.
onefilecms onefilecms 3.6.13