acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
References
Link | Resource |
---|---|
https://github.com/flatCore/flatCore-CMS/issues/30 | Issue Tracking Patch Third Party Advisory |
Configurations
Information
Published : 2017-05-09 22:29
Updated : 2017-05-17 11:15
NVD link : CVE-2017-8868
Mitre link : CVE-2017-8868
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
flatcore
- flatcore-cms