Flatcore

Flatcore

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-40555

Exploit
  • EPSS 0.33%
  • Veröffentlicht 16.02.2023 16:15:11
  • Zuletzt bearbeitet 19.03.2025 15:15:36

Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.

4.8

CVE-2021-23836

Exploit
  • EPSS 0.4%
  • Veröffentlicht 15.01.2021 07:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:54

An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected par...

6.5

CVE-2021-23837

Exploit
  • EPSS 0.78%
  • Veröffentlicht 15.01.2021 07:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:54

An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the spe...

4.8

CVE-2021-23838

Exploit
  • EPSS 0.34%
  • Veröffentlicht 15.01.2021 07:15:14
  • Zuletzt bearbeitet 21.11.2024 05:51:54

An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper...

4.9

CVE-2021-23835

Exploit
  • EPSS 1.64%
  • Veröffentlicht 15.01.2021 07:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:54

An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected paramete...

9

CVE-2020-17452

Exploit
  • EPSS 0.84%
  • Veröffentlicht 09.08.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:08:08

flatCore before 1.5.7 allows upload and execution of a .php file by an admin.

4.8

CVE-2020-17451

Exploit
  • EPSS 0.24%
  • Veröffentlicht 09.08.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:08:08

flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs...

8.8

CVE-2019-13961

Exploit
  • EPSS 0.14%
  • Veröffentlicht 18.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:25:47

A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.

7.2

CVE-2019-10652

Exploit
  • EPSS 2.36%
  • Veröffentlicht 30.03.2019 14:29:00
  • Zuletzt bearbeitet 21.11.2024 04:19:40

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature.

6.1

CVE-2017-9451

  • EPSS 0.22%
  • Veröffentlicht 06.06.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.