Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatcore vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-10652
An issue exists in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
Flatcore Flatcore 1.4.7
7.2
CVSSv3
CVE-2021-39608
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
Flatcore Flatcore-cms 2.0.7
5.4
CVSSv3
CVE-2021-39609
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
Flatcore Flatcore-cms 2.0.7
6.1
CVSSv3
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
Flatcore Flatcore-cms 1.4.6
9.8
CVSSv3
CVE-2021-41403
flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.
Flatcore Flatcore-cms 2.0.8
8.8
CVSSv3
CVE-2017-7877
CSRF vulnerability in flatCore version 1.4.6 allows remote malicious users to modify CMS configurations.
Flatcore Flatcore-cms 1.4.6
9.8
CVSSv3
CVE-2017-7878
SQL Injection vulnerability in flatCore version 1.4.6 allows an malicious user to read and write to the users database.
Flatcore Flatcore-cms 1.4.6
7.5
CVSSv3
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an malicious user to read the content database.
Flatcore Flatcore-cms 1.4.6
8.8
CVSSv3
CVE-2021-41402
flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.
Flatcore Flatcore-cms 2.0.8
7.5
CVSSv3
CVE-2017-8868
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
Flatcore Flatcore-cms 1.4.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »