Flatcore CMS
by Flatcore
Source repositories
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-23835 | 0.00 | — | 0.02 | Jan 15, 2021 | An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the… | |||
| CVE-2020-17451 | 0.00 | — | 0.01 | Aug 9, 2020 | flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | |||
| CVE-2020-17452 | 0.00 | — | 0.02 | Aug 9, 2020 | flatCore before 1.5.7 allows upload and execution of a .php file by an admin. |
- CVE-2021-23835Jan 15, 2021risk 0.00cvss —epss 0.02
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the…
- CVE-2020-17451Aug 9, 2020risk 0.00cvss —epss 0.01
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
- CVE-2020-17452Aug 9, 2020risk 0.00cvss —epss 0.02
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
Page 2 of 2