Flatcore Cms

flatcore-cms

Vendor: Flatcore • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-43118 1Flatcore 1Flatcore Cms May 1, 2025 Nov 9, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.
CVE-2021-41402 1Flatcore 1Flatcore Cms Nov 21, 2024 Jun 16, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.
CVE-2021-41403 1Flatcore 1Flatcore Cms Nov 21, 2024 Jun 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.
CVE-2021-40902 1Flatcore 1Flatcore Cms Nov 21, 2024 Jun 13, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page.
CVE-2021-42245 1Flatcore 1Flatcore Cms Nov 21, 2024 Jun 6, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.
CVE-2021-3745 1Flatcore 1Flatcore Cms Nov 21, 2024 Oct 28, 2021 N/A· v4 6.6 MEDIUM· v3 6.0 MEDIUM· v2 flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-39609 1Flatcore 1Flatcore Cms Nov 21, 2024 Aug 23, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
CVE-2021-39608 1Flatcore 1Flatcore Cms Nov 21, 2024 Aug 23, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
CVE-2017-1000428 1Flatcore 1Flatcore Cms Nov 21, 2024 Jan 10, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.
CVE-2017-8868 1Flatcore 1Flatcore Cms May 13, 2026 May 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
CVE-2017-7879 1Flatcore 1Flatcore Cms May 13, 2026 Apr 14, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
CVE-2017-7878 1Flatcore 1Flatcore Cms May 13, 2026 Apr 14, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
CVE-2017-7877 1Flatcore 1Flatcore Cms May 13, 2026 Apr 14, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.