Filter by tag: flatcore

flatCore CMS 1.4.6: Remote Code Execution and Easteregg

9 min read 17 Oct 2017 by Dennis Detering
flatCore is a lightweight Content Management System (CMS) based on PHP and SQLite. We tested the latest stable version 1.4.6 with RIPS and detected, among others, a critical persistent cross-site scripting vulnerability (CVE-2017-1000428) that can be used by an unauthenticated adversary to attack administrators and to execute PHP code on the web server.