There a is serious bug in OneFileCMS 1.1.0 that enables remote users to create, write and delete files in web server context.
If you have a running OneFileCMS installation — pull the plug now. Until this issue has been resolved make sure only trusted users can access your OneFileCMS-powered website.
The author has been informed. Please come back later for updates :)
This is the encrypted exploit (I will post the key once the security holes have been fixed)
Happy new year BTW :)
Update 17.01.2010: The issue seems to be resolved! Update now!
Leave a Reply
You must be logged in to post a comment.