7 matches found
Code injection
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2019-8408
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice...
CVE-2019-8408
CVE-2019-8408 affects OneFileCMS 3.6.13. The vulnerability allows remote attackers to modify the file onefilecms.php by clicking the Copy button twice. The available sources document this behavior but do not provide concrete exploit details, affected versions beyond 3.6.13, or remediation steps. ...
OneFileCMS Information Disclosure Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS 2017-10-08 and earlier versions. An attacker can exploit the...
OneFileCMS Brute Force Attack Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. The vulnerability can be...
CVE-2018-12993
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecmsusername and onefilecmspassword fields...
CVE-2018-12995
OneFileCMS is affected by CVE-2018-12995 through its onefilecms.php file. The vulnerability enables arbitrary PHP code execution by submitting a .php filename on the Upload screen, affecting versions up to 2012-04-14. The root cause is improper handling of uploaded filenames, allowing execution o...