Skip to main content

Flatcore Cms

8 CVEs product

Monthly

CVE-2022-43118 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-3745 MEDIUM POC PATCH This Month

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

File Upload Flatcore Cms
NVD GitHub
CVSS 3.1
6.6
EPSS
1.1%
CVE-2021-39609 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2021-39608 HIGH POC THREAT This Week

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Flatcore Cms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
45.9%
CVE-2017-8868 HIGH PATCH This Week

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal CSRF PHP Flatcore Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-7879 HIGH PATCH This Week

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-7878 CRITICAL PATCH Act Now

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-7877 HIGH POC This Week

CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flatcore Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore Cms
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM POC PATCH This Month

flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

File Upload Flatcore Cms
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore Cms
NVD GitHub
EPSS 46% CVSS 7.2
HIGH POC THREAT This Week

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal CSRF PHP +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Flatcore Cms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flatcore Cms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy