
CVE-2024-6947 – Flute CMS Notification ContentParser.php replaceContent code injection
https://notcve.org/view.php?id=CVE-2024-6947
21 Jul 2024 — A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely.
• https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-6946 – Flute CMS list code injection
https://notcve.org/view.php?id=CVE-2024-6946
21 Jul 2024 — A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely.
• https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-6945 – Flute CMS Avatar Upload Page ImagesController.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-6945
21 Jul 2024 — A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument avatar leads to unrestricted upload. It is possible to initiate the attack remotely.
• https://github.com/DeepMountains/Mirage/blob/main/CVE5-1.md
• CWE-434: Unrestricted Upload of File with Dangerous Type