This repository has been archived by the owner on Jan 5, 2023. It is now read-only.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
There is a vulnerability in
flatcore cms 1.4.7 B: 73, which could delete content.sqlite3 file.
And by exploiting this vulnerability the application won't be accessible.
This vulnerability occurs because the file deletion request is just a GET request and there is no CSRF protection on the endpoint
This is the request is
http://localhost/flatCore-CMS/acp/acp.php?tn=filebrowser&sub=browse&delete=../../content/SQLite/content.sqlite3&d=1&start=0
The text was updated successfully, but these errors were encountered: