Remote code execution (RCE) vulnerability in the Upload File functionality in Flatpress 1.2.1
The application has the functionality to upload images and download them further. The
download functionality is not sandboxed, and it does not have proper security control which can be
bypassed by tricking webserver and uploading dangerous file types which leads to RCE.
Reported On: 27th May 2022
Made Public On: 27th Sep 2022
Fixed On: 1st Oct 2022