Directory Traversal Vulnerability in flatCore 1.4.7 Allows File Deletion via acp/core/files.browser.php

Directory Traversal Vulnerability in flatCore 1.4.7 Allows File Deletion via acp/core/files.browser.php

CVE-2017-8868 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.

Learn more about our Web Application Penetration Testing UK.