Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatcore vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-23838
An issue exists in flatCore prior to 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a ...
Flatcore Flatcore
312
VMScore
CVE-2021-23836
An issue exists in flatCore prior to 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input san...
Flatcore Flatcore
356
VMScore
CVE-2021-23837
An issue exists in flatCore prior to 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accep...
Flatcore Flatcore
801
VMScore
CVE-2020-17452
flatCore prior to 1.5.7 allows upload and execution of a .php file by an admin.
Flatcore Flatcore
312
VMScore
CVE-2020-17451
flatCore prior to 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle pa...
Flatcore Flatcore
605
VMScore
CVE-2019-13961
A CSRF vulnerability was found in flatCore prior to 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
Flatcore Flatcore
578
VMScore
CVE-2019-10652
An issue exists in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.
Flatcore Flatcore 1.4.7
383
VMScore
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
Flatcore Flatcore-cms 1.4.6
383
VMScore
CVE-2017-9451
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote malicious users to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
Flatcore Flatcore 1.4.6
445
VMScore
CVE-2017-8868
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
Flatcore Flatcore-cms 1.4.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »