Vulners
Lucene search
CVE-2021-39608
🗓️ 23 Aug 2021 20:28:34Reported by mitreType 
cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 201 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | FlatCore CMS 2.0.7 - Remote Code Execution (Authenticated) Vulnerability | 6 Sep 202100:00 | – | zdt |
 | CVE-2021-39608 | 24 Aug 202100:23 | – | circl |
 | FlatCore-CMS 代码问题漏洞 | 23 Aug 202100:00 | – | cnnvd |
 | flatCore remote code execution vulnerability | 24 Aug 202100:00 | – | cnvd |
 | FlatCore CMS Remote Code Execution (CVE-2021-39608) | 7 Nov 202100:00 | – | checkpoint_advisories |
 | CVE-2021-39608 | 23 Aug 202120:28 | – | cvelist |
 | FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated) | 6 Sep 202100:00 | – | exploitdb |
 | CVE-2021-39608 | 23 Aug 202121:15 | – | nvd |
 | FlatCore CMS 2.0.7 Remote Code Execution | 5 Sep 202100:00 | – | packetstorm |
 | Remote code execution | 23 Aug 202121:15 | – | prion |
10
Node
| Source | Link |
|---|---|
| packetstormsecurity | www.packetstormsecurity.com/files/164047/FlatCore-CMS-2.0.7-Remote-Code-Execution.html |
| github | www.github.com/flatCore/flatCore-CMS/issues/52 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| p | query param | /index.php?p=1 | Login endpoint used in exploit chain to authenticate before uploading a webshell | CWE-434 |
| login_name | query param | /index.php?p=1 | Login endpoint used in exploit chain to authenticate before uploading a webshell | CWE-434 |
| login_psw | query param | /index.php?p=1 | Login endpoint used in exploit chain to authenticate before uploading a webshell | CWE-434 |
| login | query param | /index.php?p=1 | Login endpoint used in exploit chain to authenticate before uploading a webshell | CWE-434 |
| upload_type | data | /acp/core/files.upload-script.php | Endpoint to upload a script/plugin (upload vector) including a webshell payload | CWE-434 |
| csrf_token | data | /acp/core/files.upload-script.php | Endpoint to upload a script/plugin (upload vector) including a webshell payload | CWE-434 |
| sg | query param | /upload/plugins/sgizoid.php | Webshell uploaded via plugin path; command execution via GET parameter sg | CWE-434 |
| del | query param | /acp/acp.php?tn=moduls&sub=u&dir=plugins&del=sgizoid.php | Cleanup step to delete the uploaded webshell from server | CWE-434 |
| goto | query param | /index.php?goto=logout | Logout endpoint used to terminate session after exploitation | CWE-434 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 04:03Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.2
CVSS 29
EPSS0.45948