CVE-2024-41290

HIGH

FlatPress CMS <1.3.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-41290. PoCs published by paragbagul111.

AI-analyzed exploit summary: The repository describes an insecure storage vulnerability in FlatPress CMS v1.3.1, where authentication data (usernames and hashed passwords) is stored in client-side cookies, exposing them to potential unauthorized access. The writeup provides technical details about the affected component and impact but lacks exploit code.

Description

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.

Exploits (1)

nomisec WRITEUP
by paragbagul111 · poc
https://github.com/paragbagul111/CVE-2024-41290

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: FlatPress CMS v1.3.1
No auth needed
Prerequisites: Access to client-side cookies of a user
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.1
EPSS 0.0042
EPSS Percentile 33.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-315
Status published
Products (1)
flatpress/flatpress 1.3.1
Published Oct 02, 2024
Tracked Since Feb 18, 2026