Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatcore flatcore vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-13961
A CSRF vulnerability was found in flatCore prior to 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
Flatcore Flatcore
4.9
CVSSv3
CVE-2021-23835
An issue exists in flatCore prior to 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of t...
Flatcore Flatcore
4.8
CVSSv3
CVE-2021-23836
An issue exists in flatCore prior to 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input san...
Flatcore Flatcore
6.5
CVSSv3
CVE-2021-23837
An issue exists in flatCore prior to 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accep...
Flatcore Flatcore
4.8
CVSSv3
CVE-2021-23838
An issue exists in flatCore prior to 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a ...
Flatcore Flatcore
4.8
CVSSv3
CVE-2020-17451
flatCore prior to 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle pa...
Flatcore Flatcore
7.2
CVSSv3
CVE-2020-17452
flatCore prior to 1.5.7 allows upload and execution of a .php file by an admin.
Flatcore Flatcore
6.1
CVSSv3
CVE-2017-9451
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote malicious users to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
Flatcore Flatcore 1.4.6
7.2
CVSSv3
CVE-2019-10652
An issue exists in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
Flatcore Flatcore 1.4.7
6.6
CVSSv3
CVE-2021-3745
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Flatcore Flatcore-cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »