Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
flatCore 输入验证错误漏洞
Vulnerability Description
flatCore是一套基于PHP和SQLite的轻量级内容管理系统(CMS)。 flatCore CMS 2.0.0 build 139版本之前存在输入验证错误漏洞,该漏洞源于在程序的"docs_file"中发现了本地文件泄露漏洞"acp"接口的HTTP请求主体参数。攻击者可利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A