3 matches found
CVE-2021-23835
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docsfile HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter which retrieves the contents of the specified...
CVE-2021-23835
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docsfile HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter which retrieves the contents of the specified...
CVE-2021-23835
CVE-2021-23835 affects flatCore prior to 2.0.0 build 139. The issue is a local file disclosure in the docs_file HTTP request body parameter of the acp interface, which accepts malicious user input and can reveal sensitive backend files (e.g., /etc/passwd, SQLite DBs, PHP source) when an attacker ...