OneFileCMS icon indicating copy to clipboard operation
OneFileCMS copied to clipboard
verified publisher icon Self-Evident

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to execute arbitrary PHP code via xxx .php filename on the Upload File screen

Open havysec opened this issue 7 years ago • 0 comments

access http://fragrant:30001/OneFileCMS/onefilecms.php by username/password

image

Click Upload File -> abc.php -> Browse -> select abc.php -> Click Upload

image

image

access http://fragrant:30001/abc.php

image

havysec avatar Jul 03 '18 14:07 havysec