CVE-2021-39608

High

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user…

mitre·CWE-434·Published 2021-08-23

CVSS

7.2

EPSS

0.47

KEV

Exploits

cve.orgen

165 chars

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.

NVDen

165 chars

Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.

Se presenta una vulnerabilidad de ejecución de código remota (RCE) en FlatCore-CMS versión 2.0.7, por medio del plugin upload addon, que podría permitir a un usuario remoto malicioso ejecutar código php arbitrario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H