Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Remote code execution (RCE) via Upload File bypass in Flatpress 1.2.1

Vulnerability

Remote code execution (RCE) vulnerability in the Upload File functionality in Flatpress 1.2.1

Description

The application lets users upload images and download them afterwards. The download functionality is not sandboxed and lacks proper security controls, which can be bypassed by tricking the web server and uploading dangerous file types, leading to RCE.
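
A defender-side check for the weakness described above, as an added example that is not part of the original advisory or of FlatPress itself: it flags files in an upload directory whose name or content does not match an allow-listed image type. The allow-list, the script-extension set and the function names are assumptions, since the advisory does not describe the exact bypass.

```python
import os

# Assumed allow-list: image extensions and the magic bytes each must start with.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed set of extensions a PHP-enabled web server may pass to the interpreter.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".pht"}
# Only the long open tag is matched; short tags would match random binary data.
SCRIPT_MARKER = b"<?php"


def check_upload(name, data):
    """Return the reasons this upload should be rejected (empty list = accept)."""
    findings = []
    exts = ["." + p for p in name.lower().split(".")[1:]]
    final = exts[-1] if exts else ""
    if final not in MAGIC:
        findings.append("extension not allow-listed")
    elif not data.startswith(MAGIC[final]):
        findings.append("content does not match extension")
    if any(e in SCRIPT_EXTS for e in exts[:-1]):
        findings.append("script extension hidden before final extension")
    if SCRIPT_MARKER in data.lower():
        findings.append("embedded PHP open tag")
    return findings


def audit_dir(root):
    """Walk an upload directory and map each suspicious path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                findings = check_upload(fn, fh.read())
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    # Constructed sample input, not taken from the advisory.
    print(check_upload("avatar.php.jpg", b"\xff\xd8\xff\xe0"))
```

The same checks belong in the upload handler itself, together with storing uploads where the web server will not execute them; the directory audit only tells an operator whether something already slipped through.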

CVE-ID

CVE-2022-40048

Vendor

Flatpress

Product

FlatPress v1.2.1

Disclosure Timeline

Reported On: 27th May 2022

Made Public On: 27th Sep 2022

Fixed On: 1st Oct 2022

Credits

Sandeep Wawdane
