3 matches found
CVE-2024-6947
CVE-2024-6947 affects Flute CMS 0.2.2.4-alpha. The issue is in the replaceContent function of ContentParser.php in the Notification Handler, allowing remote code injection. The vulnerability has been publicly disclosed and can be exploited remotely. Mitigation references suggest disabling the rep...
CVE-2024-6946
Flute CMS 0.2.2.4-alpha is affected. The vulnerability affects unknown code in /admin/pages/list, where manipulation of the blocks argument leads to code injection. It is a remote, unauthenticated issue with high impact (C storage, I, A). Exploitation has been disclosed publicly. The connected so...
CVE-2024-6945
Flute CMS 0.2.2.4-alpha contains a critical flaw in the Avatar Upload Page component, affecting the file app/Core/Http/Controllers/Profile/ImagesController.php. The vulnerability arises from manipulating the avatar parameter, enabling unrestricted remote upload. Multiple sources confirm exploitat...