Vulnerabilities > Flatcore > Flatcore > 1.4.7.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-15 | CVE-2021-23838 | Cross-site Scripting vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 3.5 |
2021-01-15 | CVE-2021-23837 | SQL Injection vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.0 |
2021-01-15 | CVE-2021-23836 | Cross-site Scripting vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 3.5 |
2021-01-15 | CVE-2021-23835 | Improper Input Validation vulnerability in Flatcore An issue was discovered in flatCore before 2.0.0 build 139. | 4.0 |
2020-08-09 | CVE-2020-17452 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | 9.0 |
2020-08-09 | CVE-2020-17451 | Cross-site Scripting vulnerability in Flatcore flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | 3.5 |
2019-07-18 | CVE-2019-13961 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | 6.8 |