Primary

Context

Flatnux Authenticated File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A file upload vulnerability allowing administrative users to upload arbitrary PHP files has been identified in Flatnux version 2021-03.25. This vulnerability arises from an unrestricted upload feature in the file manager, which can be exploited by admin users to upload malicious PHP scripts to the web root directory. Such actions could lead to remote code execution on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Flatnux 2021-03.25 is installed.

Reproduction

To reproduce this vulnerability, an authenticated administrative user can upload a PHP file through the file manager. The uploaded file will be placed in the web root directory, where it can be executed, leading to remote code execution on the server.

Added: Dec 19, 2025, 9:21 PM

Updated: Dec 19, 2025, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

6.3

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

6.3

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Flatnux Authenticated File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Reproduction

Affected Products

Flatnux

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating