CVE-2018-13123

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt