First published: Sun Aug 09 2020(Updated: )
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Flatcore Flatcore | <1.5.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-17452 is a vulnerability in flatCore CMS that allows an admin to upload and execute a .php file.
CVE-2020-17452 has a severity rating of 7.2 (critical).
An admin can exploit CVE-2020-17452 by uploading and executing a .php file.
Yes, a fix for CVE-2020-17452 is available in flatCore version 1.5.7 and above.
More information about CVE-2020-17452 can be found at the following references: [link 1](https://lists.openwall.net/full-disclosure/2020/08/07/1) and [link 2](https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-flatcore-cms/).