# Exploit Title: [ flatCore < 1.5 CSRF Vulnerability for Arbitrary .php File Upload via files.upload-script.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/flatCore/flatCore-CMS]
# Software Link: [https://github.com/flatCore/flatCore-CMS]
# Version: [d3a5168]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2019-13961]
PoC:
CSRF PoC
[Replace Your Domain Name]