
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jun 2022 — flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. • https://github.com/flatCore/flatCore-CMS/issues/59 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jun 2022 — flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. • https://github.com/flatCore/flatCore-CMS/issues/60 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jun 2022 — flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. • https://github.com/flatCore/flatCore-CMS/issues/57 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jun 2022 — FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. • https://github.com/flatCore/flatCore-CMS/issues/69 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Oct 2021 — flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. • https://github.com/flatcore/flatcore-cms/commit/5cc3937b6bc38293ec921a5cf00018b48b668dc6 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

23 Aug 2021 — Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. • https://github.com/flatCore/flatCore-CMS/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 3% • CPEs: 1 • EXPL: 4

23 Aug 2021 — Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user execute arbitrary PHP code. • https://packetstorm.news/files/id/164047 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2018 — flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. • https://github.com/flatCore/flatCore-CMS/issues/35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 May 2017 — acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. • https://github.com/flatCore/flatCore-CMS/issues/30 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Apr 2017 — SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. • https://github.com/flatCore/flatCore-CMS/issues/28 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')