CVE-2021-39608 – flatCore / flatCore CMS – Unrestricted file upload
CVE-2021-39608 is an unrestricted file upload vulnerability impacting FlatCore-CMS version 2.0.7. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk through demo of a PoC was shared via YouTube.
Summary:
CVE-2021-39608 is an unrestricted file upload vulnerability impacting FlatCore-CMS version 2.0.7. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk through demo of a PoC was shared via YouTube.
PoC Links(if available):
Exploit DB link –
https://www.exploit-db.com/exploits/50262
Known Counter Measures:
The vendor addressed the vulnerability in FlatCore-CMS version 2.0.8.
Links to patches(if available)
https://github.com/flatCore/flatCore-CMS/releases
