Flatcore · Flatcore · CVE-2019-10652
**Name of the Vulnerable Software and Affected Versions**
flatCore version 1.4.7
**Description**
An issue was discovered that allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature in acp/acp.php.
**Recommendations**
For flatCore version 1.4.7, consider disabling the addons feature or restricting file uploads to prevent exploitation until a patch is available.