2 matches found
Cross-site request forgery (CSRF)
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
BlackCat CMS Arbitrary PHP Code Execution Vulnerability
BlackCat CMS is a PHP5, HTML5 content management system. An arbitrary PHP code execution vulnerability exists in the backend/addons/install.php file in BlackCat CMS, which can be exploited by remote attackers to execute arbitrary PHP code via a ZIP archive containing the .php file...