Critical severity9.8NVD Advisory· Published Jul 3, 2018· Updated Jun 17, 2026

CVE-2018-13123

Description

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jbb/Onefilecmsinferred
Range: <=2017-10-08
Self Evident/OneFileCMSllm-create
Range: <= 2017-10-08

Patches

Vulnerability mechanics

References

github.com/Self-Evident/OneFileCMS/issues/50nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000