Vulnerabilities > Flatcore > Flatcore CMS > 1.4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-28 | CVE-2021-3745 | Unspecified vulnerability in Flatcore Flatcore-Cms flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type | 6.6 |
| 2018-01-10 | CVE-2017-1000428 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 1.4.6 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | 6.1 |
| 2017-04-14 | CVE-2017-7879 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | 7.5 |
| 2017-04-14 | CVE-2017-7878 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | 9.8 |
| 2017-04-14 | CVE-2017-7877 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore Flatcore-Cms 1.4.6 CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | 8.8 |