Skip to main content

Flatcore

9 CVEs product

Monthly

CVE-2021-23838 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Authentication Bypass Flatcore
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-23837 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flatcore
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-23836 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-23835 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Flatcore
NVD GitHub
CVSS 3.1
4.9
EPSS
1.7%
CVE-2020-17452 HIGH POC This Week

flatCore before 1.5.7 allows upload and execution of a .php file by an admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flatcore
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2020-17451 MEDIUM POC This Month

flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Flatcore
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-13961 HIGH POC This Week

A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flatcore
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-10652 HIGH POC This Week

An issue was discovered in flatCore 1.4.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Flatcore
NVD GitHub Exploit-DB
CVSS 3.0
7.2
EPSS
7.1%
CVE-2017-9451 MEDIUM PATCH This Month

Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Flatcore
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Authentication Bypass Flatcore
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flatcore
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Flatcore
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

flatCore before 1.5.7 allows upload and execution of a .php file by an admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Flatcore
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Flatcore
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flatcore
NVD GitHub Exploit-DB
EPSS 7% CVSS 7.2
HIGH POC This Week

An issue was discovered in flatCore 1.4.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Flatcore
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Flatcore
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy