
CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Oct 2021 — flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type. • https://github.com/flatcore/flatcore-cms/commit/5cc3937b6bc38293ec921a5cf00018b48b668dc6 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jan 2018 — flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links, and to stored XSS in the admin log panel via a malformed User-Agent string. • https://github.com/flatCore/flatCore-CMS/issues/35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Apr 2017 — SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. • https://github.com/flatCore/flatCore-CMS/issues/28 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Apr 2017 — SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. • https://github.com/flatCore/flatCore-CMS/issues/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Apr 2017 — CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. • http://www.securityfocus.com/bid/97709 • CWE-352: Cross-Site Request Forgery (CSRF)