CVE-2020-22761

8.8 HIGH

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 that allows attackers to trick authenticated administrators into performing unauthorized file deletions via the DeleteFile function. Attackers can craft malicious web pages that, when visited by logged-in administrators, automatically send requests to delete files on the FlatPress server. This affects all FlatPress 1.1 installations with administrative access.

💻 Affected Systems

Products:
  • FlatPress
Versions: 1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication - attackers must trick logged-in admins into visiting malicious pages.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete website defacement or data loss through deletion of critical files, potentially including configuration files, content files, or the entire installation.

🟠

Likely Case

Partial content deletion leading to website disruption, loss of blog posts, media files, or configuration settings.

🟢

If Mitigated

No impact if proper CSRF protections are implemented or if administrators don't visit malicious sites while authenticated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to get authenticated administrators to visit malicious pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.1

Vendor Advisory: https://github.com/flatpressblog/flatpress/issues/64

Restart Required: No

Instructions:

1. Download FlatPress 1.1.1 from the official repository.
2. Back up the current installation.
3. Replace the affected files with the patched versions.
4. Verify functionality.

🔧 Temporary Workarounds

CSRF Token Implementation


Add CSRF tokens to the DeleteFile function in admin.php

Edit flat/admin.php so that the deletion handler validates a CSRF token before performing any file deletion and rejects requests that lack a valid token

Restrict Admin Access


Limit administrative access to trusted networks only

Configure firewall rules to restrict /admin/ paths to internal IPs

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Use browser extensions that block CSRF attempts and educate administrators about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check whether you are running FlatPress 1.1 by examining the version shown in the admin panel or by checking flatpress/version.txt

Check Version:

cat flatpress/version.txt

Verify Fix Applied:

Verify installation is version 1.1.1 or later, and test that CSRF tokens are required for file deletion actions

📡 Detection & Monitoring

Log Indicators:

  • Multiple file-deletion requests within the same admin session with no corresponding page loads of the admin interface
  • File-deletion requests to admin.php that carry no Referer header, or a Referer from an unexpected origin

Network Indicators:

  • HTTP requests to /flat/admin.php carrying a deletefile parameter whose Referer is an unexpected origin

SIEM Query:

source="web_logs" AND uri="/flat/admin.php" AND method="POST" AND params="deletefile" AND NOT referrer CONTAINS "yourdomain.com"
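The same detection logic as the query above, written as an added example that is not part of this advisory or of FlatPress: it scans constructed Combined-Log-Format lines and flags requests to admin.php that carry a deletefile parameter while the Referer is absent or from a host other than the site's own. It assumes the parameter appears in the logged request line (standard access logs do not record POST bodies), and the hostnames blog.example.org and evil.example.net are placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format); hostnames are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /flat/admin.php?p=uploader HTTP/1.1" 200 5120 "https://blog.example.org/flat/admin.php" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:55:41 +0000] "POST /flat/admin.php?p=uploader&deletefile=post.txt HTTP/1.1" 302 0 "https://blog.example.org/flat/admin.php?p=uploader" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:14:02:07 +0000] "GET /flat/admin.php?p=uploader&deletefile=config.php HTTP/1.1" 302 0 "http://evil.example.net/lure.html" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:14:02:09 +0000] "POST /flat/admin.php?p=uploader&deletefile=image.jpg HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:03:00 +0000] "GET /index.php HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

# Fields of the Combined Log Format: client, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious_deletion(entry, trusted_host):
    """True for a request to admin.php with a deletefile parameter whose Referer is
    missing ('-') or points at a host other than the site's own. A missing Referer
    is a weaker signal, since referrer policies can legitimately suppress it."""
    parts = urlsplit(entry["target"])
    if not parts.path.endswith("/admin.php"):
        return False
    # keep_blank_values so that an empty 'deletefile=' is still seen as present
    if "deletefile" not in parse_qs(parts.query, keep_blank_values=True):
        return False
    ref = entry["referer"]
    if ref in ("", "-"):
        return True
    return urlsplit(ref).hostname != trusted_host

def find_suspicious(log_text, trusted_host):
    """Scan a log and return (timestamp, client, method, target, referer) for each hit."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and is_suspicious_deletion(e, trusted_host):
            hits.append((e["ts"], e["ip"], e["method"], e["target"], e["referer"]))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "blog.example.org"):
        print("suspicious deletion request:", hit)
```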

🔗 References
