PT-2019-11965 · Flatcore · Flatcore

Geeeez · Published 2019-03-30 · Updated 2019-04-01

CVE-2019-10652

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

flatCore version 1.4.7

Description

An issue was discovered that allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature in acp/acp.php.

Recommendations

For flatCore version 1.4.7, consider disabling the addons feature or restricting file uploads to prevent exploitation until a patch is available.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2019-10652

Affected products

Flatcore