Flatcore Cms
CVE-2021-3745
MEDIUM
Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
AnalysisAI
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type Affected products include: Flatcore Flatcore-Cms.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Flatcore Cms
View allCSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. Rated high severity (
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a rem
A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or H
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. Rated
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. Rated medium severit
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. Rated high severi
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today