Filtered by vendor Flatcore
Subscribe
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7878 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | |||||
| CVE-2017-7877 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | |||||
| CVE-2017-1000428 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | |||||