FlatCMS.Remote.Command.Execution

Description

FlatCMS has a file access authentication bypass vulnerability. A remote attacker could write an arbitrary code file to the web server by sending a specially crafted URL request to the file_editor.php script, using the parameter "save_file" to name the file and the parameter "f_content" to supply its content. The attacker could write a PHP script file and execute it by requesting it.

Affected Products

FlatCMS version 1.01

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://flatcms.pku-info.org/
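
With no patch available, reviewing web server logs for the request pattern described above is one way to spot use of the issue. The following is an added example, not part of the original advisory or of FlatCMS: it assumes combined-format access logs and that the parameters appear in the query string; the log lines, paths, and the extension list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines; addresses and paths are illustrative only.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Sep/2018:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120
198.51.100.7 - - [25/Sep/2018:10:01:09 +0000] "GET /admin/file_editor.php?save_file=notes.txt&f_content=hello HTTP/1.1" 200 310
203.0.113.44 - - [25/Sep/2018:10:02:30 +0000] "GET /admin/file_editor.php?save%5Ffile=x.PHP&f_content=PLACEHOLDER HTTP/1.1" 200 298
203.0.113.44 - - [25/Sep/2018:10:02:31 +0000] "GET /file_editor.php HTTP/1.1" 200 2200
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumed list of extensions the server may execute; adjust to the local PHP handler config.
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")


def classify(line):
    """Return a finding dict for a request that names a file via save_file, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    if not unquote(url.path).lower().endswith("/file_editor.php"):
        return None
    # parse_qs percent-decodes names and values, so encoded parameter names still match.
    params = {k.strip().lower(): v
              for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if "save_file" not in params:
        return None
    name = params["save_file"][0].strip().lower()
    return {
        "client": client,
        "file": name,
        "has_content": "f_content" in params,
        "status": status,
        # Writing a server-executable file is the dangerous case the advisory describes.
        "severity": "high" if name.endswith(SCRIPT_EXTS) else "medium",
    }


def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers the URL-based form described in the advisory.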

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-09-25 13.457