Lucene search
K

5 matches found

Prion
Prion
added 2017/08/31 4:29 a.m.15 views

Cross site request forgery (csrf)

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...

6.5CVSS8.3AI score0.0055EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/08/31 4:29 a.m.12 views

Design/Logic Flaw

In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file...

6.5CVSS8.6AI score0.01164EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/08/31 4:29 a.m.18 views

CVE-2017-13670

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...

6.5CVSS6.3AI score0.00837EPSS
Exploits1References1
Prion
Prion
added 2017/08/31 4:29 a.m.16 views

Design/Logic Flaw

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...

4CVSS6.3AI score0.00837EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/07/17 9:0 p.m.51 views

CVE-2017-9609

CVE-2017-9609 refers to a cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2. The issue allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. Multiple connected sources (CNVD-2017-24891, NVD/NIST entry...

5.4CVSS5AI score0.01521EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder