8 matches found
EUVD-2017-16852
Malware in sbrugna...
EUVD-2017-16853
Malware in sbrugna...
CVE-2021-23838
An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the mediafilter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious us...
CVE-2017-7878
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database...
CVE-2020-17451
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...
CVE-2020-17451
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database...
Cross-site request forgery (CSRF)
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations...