Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatcore vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-23838
An issue exists in flatCore prior to 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a ...
Flatcore Flatcore
4.8
CVSSv3
CVE-2021-23836
An issue exists in flatCore prior to 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input san...
Flatcore Flatcore
6.5
CVSSv3
CVE-2021-23837
An issue exists in flatCore prior to 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accep...
Flatcore Flatcore
7.2
CVSSv3
CVE-2020-17452
flatCore prior to 1.5.7 allows upload and execution of a .php file by an admin.
Flatcore Flatcore
4.8
CVSSv3
CVE-2020-17451
flatCore prior to 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle pa...
Flatcore Flatcore
8.8
CVSSv3
CVE-2019-13961
A CSRF vulnerability was found in flatCore prior to 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
Flatcore Flatcore
7.2
CVSSv3
CVE-2019-10652
An issue exists in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
Flatcore Flatcore 1.4.7
6.1
CVSSv3
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
Flatcore Flatcore-cms 1.4.6
6.1
CVSSv3
CVE-2017-9451
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote malicious users to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
Flatcore Flatcore 1.4.6
7.5
CVSSv3
CVE-2017-8868
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
Flatcore Flatcore-cms 1.4.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »