CVE-2021-39608 – flatCore / flatCore CMS – Unrestricted file upload

September 7, 2021

CVE-2021-39608 is an unrestricted file upload vulnerability impacting FlatCore-CMS version 2.0.7. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk through demo of a PoC was shared via YouTube.

Summary:

CVE-2021-39608 is an unrestricted file upload vulnerability impacting FlatCore-CMS version 2.0.7. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk through demo of a PoC was shared via YouTube.

PoC Links(if available):

Exploit DB link –
https://www.exploit-db.com/exploits/50262

Known Counter Measures:

The vendor addressed the vulnerability in FlatCore-CMS version 2.0.8.

Links to patches(if available)

https://github.com/flatCore/flatCore-CMS/releases

You may have missed

Basta

Black Basta Ransomware Victim: bdcm[.]com

April 30, 2024
ai checkout2

Smart devices: new law helps citizens to choose secure products

April 30, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 30, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 30, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 30, 2024