Skip to content
This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

Unprotected sqlite file deletion #30

Closed
pradeepch99 opened this issue May 8, 2017 · 2 comments
Closed

Unprotected sqlite file deletion #30

pradeepch99 opened this issue May 8, 2017 · 2 comments

Comments

@pradeepch99
Copy link

There is a vulnerability in
flatcore cms 1.4.7 B: 73, which could delete content.sqlite3 file.

And by exploiting this vulnerability the application won't be accessible.

This vulnerability occurs because the file deletion request is just a GET request and there is no CSRF protection on the endpoint

This is the request is
http://localhost/flatCore-CMS/acp/acp.php?tn=filebrowser&sub=browse&delete=../../content/SQLite/content.sqlite3&d=1&start=0

patkon added a commit that referenced this issue May 8, 2017
@patkon
Copy link
Member

patkon commented May 9, 2017

Thank you for checking the Code. I've fixed that.

@pradeepch99
Copy link
Author

Thank you for quick response and fix.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants