acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flatcore flatcore-cms 1.4.7 |