CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41402
https://notcve.org/view.php?id=CVE-2021-41402
16 Jun 2022 — flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. flatCore-CMS versión v2.0.8, presenta una vulnerabilidad de ejecución de código, que podría permitir a un usuario remoto malicioso ejecutar código PHP arbitrario • https://github.com/flatCore/flatCore-CMS/issues/59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-41403
https://notcve.org/view.php?id=CVE-2021-41403
15 Jun 2022 — flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. flatCore-CMS versión 2.0.8, llama a funciones peligrosas, causando vulnerabilidades de tipo server-side request forgery • https://github.com/flatCore/flatCore-CMS/issues/60 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40902
https://notcve.org/view.php?id=CVE-2021-40902
13 Jun 2022 — flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. flatCore-CMS versión 2.0.8, está afectada por un ataque de tipo Cross Site Scripting (XSS) en la opción "Create New Page" mediante la página de índice • https://github.com/flatCore/flatCore-CMS/issues/57 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3745 – Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms
https://notcve.org/view.php?id=CVE-2021-3745
28 Oct 2021 — flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type flatcore-cms es vulnerable a una Carga no Restringida de Archivos de Tipo Peligroso • https://github.com/flatcore/flatcore-cms/commit/5cc3937b6bc38293ec921a5cf00018b48b668dc6 • CWE-434: Unrestricted Upload of File with Dangerous Type •