FlatCMS.Remote.Command.Execution
Description
FlatCMS has a file access authenticate bypass vulnerability. A remote attacker could write an arbitrary code file on the Web server via send a specially-crafted URL request to the file_editor.php script, using the parameter " save_file" to name a file and write content with parameter " f_content". The attacker could write a php script file and execute it by requesting it.
Affected Products
FlatCMS versions 1.01
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://flatcms.pku-info.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-09-25 | 13.457 |