Disclosure Date 2020/10/19
Unauthenticated LFI to RCE in OneThird CMS
1.96c and earlier
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code via undisclosed file upload feature. The attacker can also use this vulnerability to obtain arbitrary files and sensitive information such as database.