Vulnerabilities > Flatcore > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-16 | CVE-2021-41402 | Code Injection vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. | 8.8 |
| 2021-08-23 | CVE-2021-39608 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore Flatcore-Cms 2.0.7 Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code. | 7.2 |
| 2020-08-09 | CVE-2020-17452 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | 7.2 |
| 2019-07-18 | CVE-2019-13961 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | 8.8 |
| 2019-03-30 | CVE-2019-10652 | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore 1.4.7 An issue was discovered in flatCore 1.4.7. | 7.2 |
| 2017-05-10 | CVE-2017-8868 | Path Traversal vulnerability in Flatcore Flatcore-Cms 1.4.7 acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. | 7.5 |
| 2017-04-14 | CVE-2017-7879 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | 7.5 |
| 2017-04-14 | CVE-2017-7877 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore Flatcore-Cms 1.4.6 CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | 8.8 |