Code Injection in flatcore/flatcore-cms

Valid

Reported on Oct 13th 2021

Description

Another code injection payload in link_name.

Proof of Concept

Insert into linkname

${`sleep 10`}

Go to http://[FLATCORE-IP]/flatCore-CMS/content/cache/cache_lastedit.php and observe that the page hangs for 10 seconds before responding.

${} breaks out of the string into PHP expression context, and the backticks (`) then switch context to OS commands.

Impact

Blind RCE as admin user.

Occurrences

should clean permalinks too
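
The mechanism described in the proof of concept, seen from the defensive side, as an added example (not flatCore's code and not the change made in the fix commit). It assumes the cache file is generated by pasting the link name into a double-quoted PHP literal; all function and variable names are hypothetical.

```php
<?php
// Added example; not flatCore code. All function and variable names are hypothetical.

// Assumed vulnerable pattern: the value is pasted into a double-quoted PHP
// literal, so "${...}" and backticks inside it are parsed as code on include.
function build_cache_unsafe(string $linkname): string
{
    return "<?php\n" . '$linkname = "' . $linkname . '";' . "\n";
}

// Hardened form: var_export() emits a single-quoted literal with ' and \
// escaped. PHP never interpolates or executes inside single quotes.
function build_cache_safe(string $linkname): string
{
    return "<?php\n" . '$linkname = ' . var_export($linkname, true) . ";\n";
}

// Static check on generated source, without including it: a string literal
// that contains no interpolation is a single T_CONSTANT_ENCAPSED_STRING token.
// A bare '"' token, interpolation tokens or a backtick mean the literal
// carries parseable code.
function has_dynamic_string(string $source): bool
{
    $dynamic = [T_DOLLAR_OPEN_CURLY_BRACES, T_CURLY_OPEN,
                T_ENCAPSED_AND_WHITESPACE, T_START_HEREDOC];
    foreach (token_get_all($source) as $token) {
        if ($token === '"' || $token === '`') {
            return true;
        }
        if (is_array($token) && in_array($token[0], $dynamic, true)) {
            return true;
        }
    }
    return false;
}

// Constructed inputs; the second is the string from the report. Single quotes
// here keep it inert in this script.
$samples = ['Home', '${`sleep 10`}', "O'Brien \\ Co"];

foreach ($samples as $value) {
    printf(
        "%-16s unsafe_dynamic=%s safe_dynamic=%s\n",
        $value,
        var_export(has_dynamic_string(build_cache_unsafe($value)), true),
        var_export(has_dynamic_string(build_cache_safe($value)), true)
    );
}
```

The same tokenizer check can run over cache files already on disk to find entries written before a fix was deployed. Storing cached values as data (for example JSON read with json_decode) instead of generated PHP removes the code-generation step entirely.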

We have contacted a member of the flatcore/flatcore-cms team and are waiting to hear back 2 years ago
haxatron modified the report 2 years ago
Patrick validated this vulnerability 2 years ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
Patrick marked this as fixed with commit 2cb02c 2 years ago
Patrick has been awarded the fix bounty
This vulnerability will not receive a CVE
functions.php#L389L397 has been validated