55 matches found
CVE-2018-13123
CVE-2018-13123 affects OneFileCMS; onefilecms.php from 2017-10-08 and earlier versions allows reading arbitrary files via i and f parameters (e.g., ?i=etc/&f=passwd&p=raw_view for /etc/passwd). Public sources (NVD/CNVD/CVE records) describe the vulnerability and affected version window but do not...
CVE-2018-13122
CVE-2018-13122 affects OneFileCMS, specifically the vulnerable onefilecms.php up to version dated 2017-10-08. The issue permits an attacker to delete arbitrary files via the Delete File(s) screen, demonstrated by a URI pattern such as ?i=var/www/html/&f=123.php&p=edit&p=deletefile. Root cause ide...
CVE-2018-13122
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete Files screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI...
OneFileCMS Arbitrary PHP Code Execution Vulnerability (CNVD-2018-13553)
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A code execution vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. An attacker can exploit...
OneFileCMS Arbitrary PHP Code Execution Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. The vulnerability can be...
OneFileCMS Brute Force Attack Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. The vulnerability can be...
CVE-2018-12995
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...
CVE-2018-12995
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...
Code injection
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...
CVE-2018-12994
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...
CVE-2018-12993
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecmsusername and onefilecmspassword fields...
Design/Logic Flaw
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecmsusername and onefilecmspassword fields...
Design/Logic Flaw
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...
CVE-2018-12994
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...
CVE-2018-12995
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...
CVE-2018-12995
OneFileCMS is affected by CVE-2018-12995 through its onefilecms.php file. The vulnerability enables arbitrary PHP code execution by submitting a .php filename on the Upload screen, affecting versions up to 2012-04-14. The root cause is improper handling of uploaded filenames, allowing execution o...
CVE-2018-12993
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecmsusername and onefilecmspassword fields...
CVE-2018-12994
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...
CVE-2018-12993
CVE-2018-12993 affects OneFileCMS (OneFileCMS) via onefilecms.php up to 2012-04-14, enabling brute-force attempts through the onefilecms_username and onefilecms_password fields. The connected CNVD/NVD records corroborate a brute-force vulnerability in OneFileCMS versions prior to or dated 2012-04...
CVE-2018-12994
CVE-2018-12994 affects OneFileCMS (onefilecms.php) up to version 2012-04-14. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a ".php" filename on the New File screen, due to improper handling in the file creation workflow. Multiple connected sources corroborate the...