CVE-2021-39609

Description:

A Cross-Site Scripting (XSS SVG - Stored - PWNED PHPSESSID RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. Once a malicious user tricks the administrator of the CMS into uploading a malicious SVG file, the code in that file can be executed from anywhere on the internet, and things will be worse than ever for the owner of this CMS system! ;)

@nu11secur1ty


PHPSESSID PWNED:

XSS SVG - Stored:

Structure and tactic of the attack:

    • FOR A LOT OF PEOPLE WHO DON'T REALLY UNDERSTAND THE PROBLEM!
    • Trick the admin of the CMS system into uploading the malicious SVG file.
    • Get PHPSESSID and exploit the victim :D ;)
    • Good luck :D ;)
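
One way to screen image uploads for the active SVG content this advisory depends on, as an added example that is not part of the original advisory or of flatCore's own code: an allowlist check in Python. The element list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Static drawing elements only (assumed policy). script, foreignObject, a,
# style, animate, set, iframe and the like fail because they are not listed.
ALLOWED = {"svg", "g", "defs", "title", "desc", "path", "rect", "circle",
           "ellipse", "line", "polyline", "polygon", "text", "tspan", "use",
           "lineargradient", "radialgradient", "stop", "clippath", "mask"}

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the rest."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """Return reasons to reject an uploaded SVG (bytes); [] means accept."""
    try:
        # Parsing a str makes expat ignore any encoding named in the file.
        text = data.decode("utf-8")
        # DTDs and stylesheet PIs are refused before the parser sees them.
        if re.search(r"<!(DOCTYPE|ENTITY)|<\?xml-stylesheet", text, re.I):
            return ["doctype-or-pi"]
        root = ET.fromstring(text)
    except (UnicodeDecodeError, ET.ParseError):
        return ["not-parseable"]
    if local(root.tag) != "svg":
        return ["root-not-svg"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag not in ALLOWED:
            findings.append("element:" + tag)
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):            # onload, onclick, ...
                findings.append("handler:" + attr)
            elif attr in ("href", "src") and not value.strip().startswith("#"):
                findings.append("link:" + attr)  # only same-document refs pass
    return findings

# Constructed samples; the script and handler bodies are inert placeholders.
NS = 'xmlns="http://www.w3.org/2000/svg"'
CLEAN = f'<svg {NS}><rect width="4" height="4"/></svg>'.encode()
SCRIPTED = f'<svg {NS}><script>/* placeholder */</script></svg>'.encode()
HANDLER = f'<svg {NS} onload="placeholder()"><rect/></svg>'.encode()
LINKED = f'<svg {NS}><use href="javascript:placeholder"/></svg>'.encode()

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("scripted", SCRIPTED),
                          ("handler", HANDLER), ("linked", LINKED)]:
        print(label, svg_findings(sample))
```

A filter like this is usually paired with serving uploaded SVG files under `Content-Security-Policy: sandbox` (or as downloads) and marking the session cookie `HttpOnly`, so that script in a file that slips through cannot read `PHPSESSID`.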

Discussion: