CVE-2021-23837

An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database related information can be successfully retrieved.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:flatcore:flatcore:*:*:*:*:*:*:*:*

Information

Published : 2021-01-14 23:15

Updated : 2021-01-22 09:27


NVD link : CVE-2021-23837

Mitre link : CVE-2021-23837


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

flatcore

  • flatcore