Project: Github flatCore/flatCore-CMS 20191112

Vulnerability: #9253367 (2019-11-12 09:27:15)

Warning

There are many false positives or unexploitable findings. Please create a working PoC exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: _POST
File: /flatCore-CMS-master/install/php/createDB.php:13

 1  <?php
 2  
 3  /**
 4   * install flatCore
 5   * create the sqlite database files
 6   */
 7  
 8  if(!defined('INSTALLER')) {
 9  	header("location:../login.php");
10  	die("PERMISSION DENIED!");
11  }
12  
13  $username = $_POST['username'];
14  $mail = $_POST['mail'];
15  $psw = $_POST['psw'];

Threat level: 2

Callstack:

@INLINE::/flatCore-CMS-master/install/php/createDB.php /flatCore-CMS-master/install/php/createDB.php:197

177  	$dbh->query($sql_insert_prefs);
178  
179  $dbh = null;
180  
181  
182  /**
183   * DATABASE TRACKER
184   */
185  
186  $sql_hits_table = generate_sql_query("fc_hits.php");
187  $sql_log_table = generate_sql_query("fc_log.php");
188  
189  $dbh = new PDO("sqlite:../$fc_db_stats");
190  
191  $dbh->query($sql_hits_table);
192  $dbh->query($sql_log_table);
193  
194  $dbh = null;
195  
196  
197  echo '<div class="alert alert-success">'.$lang['installed'].' | Admin: '.$username.'</div>';
198  echo '<hr><a class="btn" href="../acp/index.php">'.$lang['link_admin'].'</a><hr>';
199  