5 matches found
Cross site request forgery (csrf)
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...
Design/Logic Flaw
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file...
CVE-2017-13670
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...
Design/Logic Flaw
In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...
CVE-2017-9609
CVE-2017-9609 refers to a cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2. The issue allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. Multiple connected sources (CNVD-2017-24891, NVD/NIST entry...