Onefilecms
Monthly
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.