CVE-2017-8868

acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt