Flatcore: >> Flatcore-Cms >> 1.4.6 Security Vulnerabilities
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
CVSS Score
8.0
EPSS Score
0.004
Published
2021-10-28
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-10
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-04-14
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-04-14
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-04-14