| Title | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha Remote Code Execute (RCE) |
|---|
| Description | By logging in as an admin user and navigating to the /admin/pages/list page, an attacker can customize routes and pages. In the page content definition, it suggests that we can insert HTML code, but even if PHP code is inserted, it will still be parsed. |
|---|
| Source | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md |
|---|
| User | Dee.Mirage (UID 71702) |
|---|
| Submission | 07/16/2024 08:42 (2 years ago) |
|---|
| Moderation | 07/20/2024 12:06 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 272068 [Flute CMS 0.2.2.4-alpha /admin/pages/list blocks code injection] |
|---|
| Points | 17 |
|---|