Remote Code Execution Vulnerability in Flatpress by Flatpress
CVE-2022-40048

7.2HIGH

Key Information:

Vendor: Flatpress
Status: Flatpress
Vendor: CVE Published:; 29 September 2022

Summary

Flatpress version 1.2.1 contains a vulnerability in its Upload File function that could allow remote attackers to execute arbitrary code on the server. This security flaw could lead to significant risks if exploited, including unauthorized access and potential data breaches, highlighting the importance of patching and securing affected installations.

References

http://flatpress.com

x_refsource_MISC

https://github.com/flatpressblog/flatpress/issues/152

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2022
Vulnerability Reserved
Sep 6, 2022