PT-2019-11965 · Flatcore · Flatcore
Geeeez
·
Published
2019-03-30
·
Updated
2019-04-01
·
CVE-2019-10652
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
flatCore version 1.4.7
Description
An issue was discovered that allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature in acp/acp.php.
Recommendations
For flatCore version 1.4.7, consider disabling the addons feature or restricting file uploads to prevent exploitation until a patch is available.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flatcore