CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3745 – Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms
https://notcve.org/view.php?id=CVE-2021-3745
28 Oct 2021 — flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type flatcore-cms es vulnerable a una Carga no Restringida de Archivos de Tipo Peligroso • https://github.com/flatcore/flatcore-cms/commit/5cc3937b6bc38293ec921a5cf00018b48b668dc6 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2021-39609
https://notcve.org/view.php?id=CVE-2021-39609
23 Aug 2021 — Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en FlatCore-CMS versión 2.0.7, por medio de la función upload image. • https://github.com/flatCore/flatCore-CMS/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 4CVE-2021-39608 – FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2021-39608
23 Aug 2021 — Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. Se presenta una vulnerabilidad de ejecución de código remota (RCE) en FlatCore-CMS versión 2.0.7, por medio del plugin upload addon, que podría permitir a un usuario remoto malicioso ejecutar código php arbitrario. • https://packetstorm.news/files/id/164047 • CWE-434: Unrestricted Upload of File with Dangerous Type •